不用inf安装ndis filter驱动

franket

发布于 2021-08-10 11:40:06

4490

发布于 2021-08-10 11:40:06

对于 xx 项目来说，NDIS Filter 确实不好用，还是上 WFP 吧，弃坑。有个bug，先不解决了

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740

/*mengxp works 2020QQ: 4003032*/#define _CRT_SECURE_NO_WARNINGS#include <winsock2.h>#include <netioapi.h>#include <stdio.h>#include <Shlwapi.h>#include <setupapi.h> #pragma comment(lib, "setupapi.lib")#pragma comment(lib, "iphlpapi.lib") DWORD OsVerMajor,OsVerMinor,OsVerWorkstation;BOOL Is64BitWindows; typedef BOOL (WINAPI *PISWOW64)(HANDLE hProcess,PBOOL pIsWow64);typedef BOOL (WINAPI *PDISABLE_FS_REDIR)(PVOID *OldValue);typedef BOOL (WINAPI *PREVERT_FS_REDIR)(PVOID OldValue);typedef NTSTATUS (WINAPI *PFN_RTL_ADJUST_PRIVILEGE)(int, BOOL, BOOL, int *);#define SE_DEBUG_PRIVILEGE 0x14 typedef enum tagCOMPONENT_CHARACTERISTICS { NCF_VIRTUAL = 0x1, NCF_SOFTWARE_ENUMERATED = 0x2, NCF_PHYSICAL = 0x4, NCF_HIDDEN = 0x8, NCF_NO_SERVICE = 0x10, NCF_NOT_USER_REMOVABLE = 0x20, NCF_MULTIPORT_INSTANCED_ADAPTER = 0x40, NCF_HAS_UI = 0x80, NCF_SINGLE_INSTANCE = 0x100, NCF_FILTER = 0x400, NCF_DONTEXPOSELOWER = 0x1000, NCF_HIDE_BINDING = 0x2000, NCF_NDIS_PROTOCOL = 0x4000, NCF_FIXED_BINDING = 0x20000, NCF_LW_FILTER = 0x40000} COMPONENT_CHARACTERISTICS; VOID GetOsVer(){ HMODULE hKernel32 = LoadLibraryA("Kernel32.dll"); PISWOW64 pfnIsWow64Process = (PISWOW64)GetProcAddress(hKernel32,"IsWow64Process"); BOOL bIsWow64 = FALSE; OSVERSIONINFOEX OsVer; memset(&OsVer,0,sizeof(OsVer)); OsVer.dwOSVersionInfoSize = sizeof(OsVer); GetVersionEx((OSVERSIONINFO *)&OsVer); OsVerMajor = OsVer.dwMajorVersion; OsVerMinor = OsVer.dwMinorVersion; OsVerWorkstation = OsVer.wProductType == VER_NT_WORKSTATION ? TRUE : FALSE; if(pfnIsWow64Process) pfnIsWow64Process(GetCurrentProcess(),&Is64BitWindows);} VOID AdjustDebugPrivilege(){ HMODULE hNtDll = LoadLibraryA("ntdll.dll"); PFN_RTL_ADJUST_PRIVILEGE RtlAdjustPrivilege = (PFN_RTL_ADJUST_PRIVILEGE)GetProcAddress(hNtDll,"RtlAdjustPrivilege"); int Enabled; RtlAdjustPrivilege(SE_DEBUG_PRIVILEGE, TRUE, FALSE, &Enabled);} BOOL ShutdownWow64Redir(PVOID *ppOldFsRedir){ HMODULE hKernel32 = LoadLibraryA("Kernel32.dll"); PISWOW64 pfnIsWow64Process = (PISWOW64)GetProcAddress(hKernel32,"IsWow64Process"); PDISABLE_FS_REDIR pfnDisableFsRedir = (PDISABLE_FS_REDIR)GetProcAddress(hKernel32,"Wow64DisableWow64FsRedirection"); PREVERT_FS_REDIR pfnRevertFsRedir = (PREVERT_FS_REDIR)GetProcAddress(hKernel32,"Wow64RevertWow64FsRedirection"); BOOL bIsWow64 = FALSE; BOOL bRet = FALSE; if(pfnIsWow64Process) pfnIsWow64Process(GetCurrentProcess(),&bIsWow64); if(bIsWow64 && pfnDisableFsRedir) { bRet = pfnDisableFsRedir(ppOldFsRedir); } return bRet;} BOOL RevertWow64Redir(PVOID pOldFsRedir){ HMODULE hKernel32 = LoadLibraryA("Kernel32.dll"); PISWOW64 pfnIsWow64Process = (PISWOW64)GetProcAddress(hKernel32,"IsWow64Process"); PDISABLE_FS_REDIR pfnDisableFsRedir = (PDISABLE_FS_REDIR)GetProcAddress(hKernel32,"Wow64DisableWow64FsRedirection"); PREVERT_FS_REDIR pfnRevertFsRedir = (PREVERT_FS_REDIR)GetProcAddress(hKernel32,"Wow64RevertWow64FsRedirection"); BOOL bIsWow64 = FALSE; BOOL bRet = FALSE; if(pfnIsWow64Process) pfnIsWow64Process(GetCurrentProcess(),&bIsWow64); if(bIsWow64 && pfnRevertFsRedir) { bRet = pfnRevertFsRedir(pOldFsRedir); } return bRet;} ////////////////////////////////////////////////////////////////////////// BOOL _IsServiceRunning(LPCSTR ServiceName){ SC_HANDLE hSc = NULL, hService = NULL; BOOL bRunning = FALSE; do { SERVICE_STATUS Status; hSc = OpenSCManager(NULL,NULL,SC_MANAGER_ALL_ACCESS); if(!hSc) break; hService = OpenServiceA(hSc, ServiceName, SERVICE_ALL_ACCESS); if(!hService) break; if(!QueryServiceStatus(hService, &Status)) break; if(Status.dwCurrentState != SERVICE_STOPPED) bRunning = TRUE; } while (FALSE); if(hSc) CloseServiceHandle(hSc); if(hService) CloseServiceHandle(hService); return bRunning;} BOOL _StartService(LPCSTR ServiceName){ SC_HANDLE hSc = NULL, hService = NULL; BOOL bSuccess = FALSE; do { hSc = OpenSCManager(NULL,NULL,SC_MANAGER_ALL_ACCESS); if(!hSc) break; hService = OpenServiceA(hSc, ServiceName, SERVICE_ALL_ACCESS); if(!hService) break; bSuccess = StartService(hService, 0, NULL); } while (FALSE); if(hSc) CloseServiceHandle(hSc); if(hService) CloseServiceHandle(hService); return bSuccess;} BOOL _CreateService(LPCSTR ServiceName, LPCSTR DisplayName, LPCSTR SysPath, BOOL bKernelService, BOOL bAutoStart, LPCSTR LoadOrder){ SC_HANDLE hSc = NULL, hService = NULL; BOOL bSuccess = FALSE; do { hSc = OpenSCManager(NULL,NULL,SC_MANAGER_ALL_ACCESS); if(!hSc) break; hService = CreateServiceA(hSc, ServiceName, DisplayName, SERVICE_ALL_ACCESS, bKernelService ? SERVICE_KERNEL_DRIVER : SERVICE_WIN32_OWN_PROCESS, bAutoStart ? (bKernelService ? SERVICE_SYSTEM_START : SERVICE_AUTO_START) : SERVICE_DEMAND_START, SERVICE_ERROR_IGNORE, SysPath, LoadOrder, NULL, NULL, NULL, NULL); if(!hService) break; bSuccess = TRUE; } while (FALSE); if(hSc) CloseServiceHandle(hSc); if(hService) CloseServiceHandle(hService); return bSuccess;} BOOL _DeleteService(LPCSTR ServiceName){ SC_HANDLE hSc = NULL, hService = NULL; BOOL bSuccess = FALSE; do { hSc = OpenSCManager(NULL,NULL,SC_MANAGER_ALL_ACCESS); if(!hSc) break; hService = OpenServiceA(hSc, ServiceName, SERVICE_ALL_ACCESS); if(!hService) break; bSuccess = DeleteService(hService); } while (FALSE); if(hSc) CloseServiceHandle(hSc); if(hService) CloseServiceHandle(hService); return bSuccess;} BOOL _StopService(LPCSTR ServiceName){ SC_HANDLE hSc = NULL, hService = NULL; BOOL bSuccess = FALSE; do { SERVICE_STATUS Status; int i = 5; hSc = OpenSCManager(NULL,NULL,SC_MANAGER_ALL_ACCESS); if(!hSc) break; hService = OpenServiceA(hSc, ServiceName, SERVICE_ALL_ACCESS); if(!hService) break; if(!ControlService(hService, SERVICE_CONTROL_STOP, &Status)) break; if(Status.dwCurrentState == SERVICE_STOPPED) { bSuccess = TRUE; break; } while(i--) { if(!QueryServiceStatus(hService, &Status)) break; if(Status.dwCurrentState == SERVICE_STOPPED) { bSuccess = TRUE; break; } } } while (FALSE); if(hSc) CloseServiceHandle(hSc); if(hService) CloseServiceHandle(hService); return bSuccess;} //////////////////////////////////////////////////////////////////////////BOOL RegWow64; LSTATUS QueryRegValue(HKEY key, LPCSTR subKey, LPCSTR name, LPBYTE value, ULONG *size, ULONG *type){ HKEY hKey; LSTATUS Status; REGSAM sam = KEY_QUERY_VALUE; if(Is64BitWindows && RegWow64) sam |= KEY_WOW64_64KEY; Status = RegOpenKeyExA(key, subKey, 0, sam, &hKey); if(Status == ERROR_SUCCESS) { Status = RegQueryValueExA(hKey, name, NULL, type, value, size); RegCloseKey(hKey); } return Status;} LSTATUS QueryRegString(HKEY key, LPCSTR subKey, LPCSTR name, LPBYTE valueBuf, ULONG valueBufSize){ DWORD type; return QueryRegValue(key, subKey, name, valueBuf, &valueBufSize, &type);} LSTATUS QueryRegDWORD(HKEY key, LPCSTR subKey, LPCSTR name, DWORD *value){ DWORD size = sizeof(DWORD), type; return QueryRegValue(key, subKey, name, (LPBYTE)value, &size, &type);} LSTATUS SetRegValue(HKEY key, LPCSTR subKey, LPCSTR name, LPCBYTE value, ULONG size, ULONG type){ HKEY hKey; LSTATUS Status; REGSAM sam = KEY_ALL_ACCESS; if(Is64BitWindows && RegWow64) sam |= KEY_WOW64_64KEY; Status = RegOpenKeyExA(key, subKey, 0, sam, &hKey); if(Status == ERROR_SUCCESS) { Status = RegSetValueExA(hKey, name, 0, type, value, size); RegCloseKey(hKey); } return Status;} LSTATUS SetRegString(HKEY key, LPCSTR subKey, LPCSTR name, LPCSTR value){ return SetRegValue(key, subKey, name, (LPCBYTE)value, strlen(value) + 1, REG_SZ);} LSTATUS SetRegMultiString1(HKEY key, LPCSTR subKey, LPCSTR name, LPCSTR value){ LSTATUS Status; int bufSize = strlen(value) + 2; char *buf; buf = malloc(bufSize); if(!buf) return S_FALSE; memset(buf, 0, bufSize); strcpy(buf, value); Status = SetRegValue(key, subKey, name, (LPCBYTE)buf, bufSize, REG_MULTI_SZ); free(buf); return Status;} LSTATUS SetRegDWORD(HKEY key, LPCSTR subKey, LPCSTR name, DWORD value){ return SetRegValue(key, subKey, name, (LPCBYTE)&value, sizeof(DWORD), REG_DWORD);} LSTATUS AppendRegMultiString(HKEY key, LPCSTR subKey, LPCSTR name, LPCSTR append){ HKEY hKey; LSTATUS Status; REGSAM sam = KEY_ALL_ACCESS; if(Is64BitWindows && RegWow64) sam |= KEY_WOW64_64KEY; Status = RegOpenKeyExA(key, subKey, 0, sam, &hKey); if(Status == ERROR_SUCCESS) { DWORD bufferIncrement = 4096, bufferSize, type, isExist = FALSE; LPBYTE buffer; PCHAR src, dst; bufferSize = bufferIncrement; buffer = malloc(bufferSize); if(!buffer) return S_FALSE; Status = RegQueryValueExA(hKey, name, NULL, &type, buffer, &bufferSize); while(Status == ERROR_MORE_DATA) { bufferSize += bufferIncrement; buffer = realloc(buffer, bufferSize); if(!buffer) return S_FALSE; Status = RegQueryValueExA(hKey, name, NULL, &type, buffer, &bufferSize); } src = buffer; while(*src) { if(!strcmp(src, append)) { isExist = TRUE; break; } src += strlen(src) + 1; } if(!isExist) { int appendLen = strlen(append); LPBYTE newBuffer = malloc(bufferSize + appendLen + 1); Status = S_FALSE; if(newBuffer) { src = buffer; dst = (PCHAR)newBuffer; while(*src) { int len = strlen(src) + 1; strcpy(dst, src); src += len; dst += len; } strcpy(dst, append); dst += appendLen + 1; *dst = 0; Status = RegSetValueExA(hKey, name, 0, REG_MULTI_SZ, newBuffer, bufferSize + appendLen + 1); free(newBuffer); } } free(buffer); RegCloseKey(hKey); } return Status;} LSTATUS CreateRegKey(HKEY key, LPCSTR subKey){ HKEY hKey; LSTATUS Status; REGSAM sam = KEY_ALL_ACCESS; if(Is64BitWindows && RegWow64) sam |= KEY_WOW64_64KEY; Status = RegCreateKeyExA(key, subKey, 0, NULL, 0, sam, NULL, &hKey, NULL); if(Status == ERROR_SUCCESS) { RegCloseKey(hKey); } return Status;} LSTATUS DeleteRegKey(HKEY key, LPCSTR subKey, LPCSTR name){ HKEY hKey; LSTATUS Status; REGSAM sam = KEY_ALL_ACCESS; if(Is64BitWindows && RegWow64) sam |= KEY_WOW64_64KEY; Status = RegOpenKeyExA(key, subKey, 0, sam, &hKey); if(Status == ERROR_SUCCESS) { Status = RegDeleteKeyA(hKey, name); RegCloseKey(hKey); } return Status;} LSTATUS DeleteRegValue(HKEY key, LPCSTR subKey, LPCSTR name){ HKEY hKey; LSTATUS Status; REGSAM sam = KEY_ALL_ACCESS; if(Is64BitWindows && RegWow64) sam |= KEY_WOW64_64KEY; Status = RegOpenKeyExA(key, subKey, 0, sam, &hKey); if(Status == ERROR_SUCCESS) { Status = RegDeleteValueA(hKey, name); RegCloseKey(hKey); } return Status;} ////////////////////////////////////////////////////////////////////////// BOOL InstallNdisFilter(LPCSTR serviceName, LPCSTR serviceDesc, LPCSTR sysPath, LPCSTR netCfgInstanceId){ LPCSTR sysFile; PVOID OldRedir; CHAR Path[256]; BOOL bRet; //复制驱动程序文件 ShutdownWow64Redir(&OldRedir); sysFile = strrchr(sysPath, '\\'); if(!sysFile) sysFile = sysPath; ExpandEnvironmentStrings("%systemroot%\\system32\\drivers\\", Path, sizeof(Path)); strcat(Path, sysFile); bRet = CopyFile(sysPath, Path, FALSE); RevertWow64Redir(&OldRedir); if(!bRet) { printf("Copy driver file %s failed\n", sysFile); return FALSE; } //创建驱动服务 sprintf(Path, "\\SystemRoot\\System32\\drivers\\%s", sysFile); bRet = _CreateService(serviceName, serviceDesc, Path, TRUE, TRUE, "NDIS"); if(!bRet) { printf("Create service %s failed\n", serviceName); return FALSE; } //NDIS Version sprintf(Path, "SYSTEM\\CurrentControlSet\\services\\%s", serviceName); SetRegDWORD(HKEY_LOCAL_MACHINE, Path, "NdisMajorVersion", 6); SetRegDWORD(HKEY_LOCAL_MACHINE, Path, "NdisMinorVersion", 0); //INF Common.Params.reg sprintf(Path, "SYSTEM\\CurrentControlSet\\services\\%s\\FilterAdapterParams", serviceName); CreateRegKey(HKEY_LOCAL_MACHINE, Path); sprintf(Path, "SYSTEM\\CurrentControlSet\\services\\%s\\FilterAdapterParams\\AdapterParam", serviceName); CreateRegKey(HKEY_LOCAL_MACHINE, Path); SetRegString(HKEY_LOCAL_MACHINE, Path, "ParamDesc", "Adapterparam for lwf"); SetRegString(HKEY_LOCAL_MACHINE, Path, "type", "int"); SetRegString(HKEY_LOCAL_MACHINE, Path, "default", "10"); sprintf(Path, "SYSTEM\\CurrentControlSet\\services\\%s\\FilterDriverParams", serviceName); CreateRegKey(HKEY_LOCAL_MACHINE, Path); sprintf(Path, "SYSTEM\\CurrentControlSet\\services\\%s\\FilterDriverParams\\DriverParam", serviceName); CreateRegKey(HKEY_LOCAL_MACHINE, Path); SetRegString(HKEY_LOCAL_MACHINE, Path, "ParamDesc", "Driverparam for lwf"); SetRegString(HKEY_LOCAL_MACHINE, Path, "type", "int"); SetRegString(HKEY_LOCAL_MACHINE, Path, "default", "5"); sprintf(Path, "SYSTEM\\CurrentControlSet\\services\\%s\\Parameters", serviceName); CreateRegKey(HKEY_LOCAL_MACHINE, Path); SetRegString(HKEY_LOCAL_MACHINE, Path, "DriverParam", "5"); SetRegDWORD(HKEY_LOCAL_MACHINE, Path, "DefaultFilterSettings", 1); //Binding sprintf(Path, "SYSTEM\\CurrentControlSet\\services\\%s\\Parameters\\Adapters", serviceName); CreateRegKey(HKEY_LOCAL_MACHINE, Path); sprintf(Path, "SYSTEM\\CurrentControlSet\\services\\%s\\Parameters\\NdisAdapters", serviceName); CreateRegKey(HKEY_LOCAL_MACHINE, Path); //INF Ndi part, ignore: InfPath InfSection InstallTimeStamp LocDescription sprintf(Path, "SYSTEM\\CurrentControlSet\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\%s", netCfgInstanceId); CreateRegKey(HKEY_LOCAL_MACHINE, Path); SetRegDWORD(HKEY_LOCAL_MACHINE, Path, "Characteristics", NCF_LW_FILTER); SetRegString(HKEY_LOCAL_MACHINE, Path, "ComponentId", serviceName); SetRegString(HKEY_LOCAL_MACHINE, Path, "Description", serviceDesc); //INF Ndi part, ignore: TimeStamp sprintf(Path, "SYSTEM\\CurrentControlSet\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\%s\\Ndi", netCfgInstanceId); CreateRegKey(HKEY_LOCAL_MACHINE, Path); SetRegMultiString1(HKEY_LOCAL_MACHINE, Path, "CoServices", serviceName); SetRegString(HKEY_LOCAL_MACHINE, Path, "FilterClass", "compression"); SetRegDWORD(HKEY_LOCAL_MACHINE, Path, "FilterRunType", 1); SetRegDWORD(HKEY_LOCAL_MACHINE, Path, "FilterType", 2); SetRegString(HKEY_LOCAL_MACHINE, Path, "HelpText", serviceDesc); SetRegMultiString1(HKEY_LOCAL_MACHINE, Path, "Services", serviceName); //INF Ndi Part sprintf(Path, "SYSTEM\\CurrentControlSet\\Control\\Network\\{4d36e974-e325-11ce-bfc1-08002be10318}\\%s\\Ndi\\Interfaces", netCfgInstanceId); CreateRegKey(HKEY_LOCAL_MACHINE, Path); SetRegString(HKEY_LOCAL_MACHINE, Path, "FilterMediaTypes", "ethernet"); SetRegString(HKEY_LOCAL_MACHINE, Path, "LowerRange", "nolower"); SetRegString(HKEY_LOCAL_MACHINE, Path, "UpperRange", "noupper"); return TRUE;} void RestartDevice(LPCSTR PnpInstanceId){ HDEVINFO hDevInfo = NULL; do { DWORD Index; hDevInfo = SetupDiGetClassDevs(NULL,NULL,NULL, DIGCF_PRESENT | DIGCF_ALLCLASSES); if(!hDevInfo) break; Index = 0; while(1) { SP_DEVINFO_DATA sdd = {sizeof(sdd)}; char instanceId[256]; if(!SetupDiEnumDeviceInfo(hDevInfo, Index++, &sdd)) break; if(SetupDiGetDeviceInstanceId(hDevInfo, &sdd, instanceId, sizeof(instanceId), NULL)) { if(!strcmp(instanceId, PnpInstanceId)) { SP_PROPCHANGE_PARAMS params = {sizeof(SP_CLASSINSTALL_HEADER)}; params.ClassInstallHeader.InstallFunction = DIF_PROPERTYCHANGE; params.Scope = DICS_FLAG_CONFIGSPECIFIC; params.HwProfile = 0; params.StateChange = DICS_DISABLE; SetupDiSetClassInstallParams(hDevInfo, &sdd, &params.ClassInstallHeader, sizeof(params)); SetupDiChangeState(hDevInfo, &sdd); params.StateChange = DICS_ENABLE; SetupDiSetClassInstallParams(hDevInfo, &sdd, &params.ClassInstallHeader, sizeof(params)); SetupDiChangeState(hDevInfo, &sdd); break; } } } } while (0); if(hDevInfo) SetupDiDestroyDeviceInfoList(hDevInfo);} BOOL InstallNdisFilterBind(LPCSTR filterServiceName, LPCSTR filterNetCfgInstanceId){ LPCSTR enumPath; HKEY hKey; DWORD sam = KEY_READ, index = 0; LSTATUS Status; //枚举所有 ethernet 网卡，并添加绑定。用 GetIfTable2 也可，我这里使用注册表遍历。 enumPath = "SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002BE10318}"; Status = RegOpenKeyExA(HKEY_LOCAL_MACHINE, enumPath, 0, sam, &hKey); if(Status != S_OK) return FALSE; while(1) { CHAR name[256], path[256], netCfgInstanceId[128]; DWORD nameSize = sizeof(name); DWORD ifType, ifChar, ifLuid; if(RegEnumKeyExA(hKey, index++, name, &nameSize, NULL, NULL, NULL, NULL) != S_OK) break; sprintf(path, "%s\\%s", enumPath, name); if(QueryRegString(HKEY_LOCAL_MACHINE, path, "NetCfgInstanceId", netCfgInstanceId, sizeof(netCfgInstanceId)) != S_OK) continue; if(QueryRegDWORD(HKEY_LOCAL_MACHINE, path, "*IfType", &ifType) != S_OK) continue; if(QueryRegDWORD(HKEY_LOCAL_MACHINE, path, "NetLuidIndex", &ifLuid) != S_OK) continue; if(QueryRegDWORD(HKEY_LOCAL_MACHINE, path, "Characteristics", &ifChar) != S_OK) continue; if( (ifType == MIB_IF_TYPE_ETHERNET || ifType == IF_TYPE_IEEE80211) && //是以太网或WiFi适配器 !(ifChar & NCF_VIRTUAL) ) //不是虚拟适配器 { //绑定到 NdisFilter CHAR bindItem[256], pnpInstanceId[256]; NET_LUID Luid; GUID Guid; sprintf(bindItem, "%s-%s-0000", netCfgInstanceId, filterNetCfgInstanceId); printf("Bind to %s\n", filterNetCfgInstanceId); sprintf(path, "%s\\%s\\Linkage", enumPath, name); printf("Append FilterList %s\n", bindItem); AppendRegMultiString(HKEY_LOCAL_MACHINE, path, "FilterList", bindItem); //Binding sprintf(path, "SYSTEM\\CurrentControlSet\\services\\%s\\Parameters\\Adapters\\%s", filterServiceName, netCfgInstanceId); CreateRegKey(HKEY_LOCAL_MACHINE, path); sprintf(path, "SYSTEM\\CurrentControlSet\\services\\%s\\Parameters\\Adapters\\%s\\%s-0000", filterServiceName, netCfgInstanceId, filterNetCfgInstanceId); CreateRegKey(HKEY_LOCAL_MACHINE, path); sprintf(path, "SYSTEM\\CurrentControlSet\\services\\%s\\Parameters\\NdisAdapters\\%s", filterServiceName, netCfgInstanceId); CreateRegKey(HKEY_LOCAL_MACHINE, path); SetRegString(HKEY_LOCAL_MACHINE, path, "AdapterParam", "10"); memset(&Guid, 0, sizeof(Guid)); Luid.Info.Reserved = 0; Luid.Info.IfType = ifType; Luid.Info.NetLuidIndex = ifLuid; ConvertInterfaceLuidToGuid(&Luid, &Guid); SetRegValue(HKEY_LOCAL_MACHINE, path, "InterfaceGuid", (LPCBYTE)&Guid, sizeof(Guid), REG_BINARY); //禁用启用网卡 sprintf(path, "SYSTEM\\CurrentControlSet\\Control\\Network\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\%s\\Connection", netCfgInstanceId); QueryRegString(HKEY_LOCAL_MACHINE, path, "PnPInstanceId", pnpInstanceId, sizeof(pnpInstanceId)); printf("Restart %s pnpId %s\n", netCfgInstanceId, pnpInstanceId); RestartDevice(pnpInstanceId); } } RegCloseKey(hKey); return TRUE;} int main(int argc, char *argv[]){ char *SysPath; char *NetCfgInstanceId; //获取操作系统版本 GetOsVer(); //设定过滤驱动程序路径和实例GUID if(Is64BitWindows) SysPath = "tcpmasq64.sys"; else SysPath = "tcpmasq32.sys"; NetCfgInstanceId = "{91E009E2-A9A3-42B7-9E22-3A1D389D7D4D}"; //安装过滤驱动服务 printf("Install NDIS Filter\n"); InstallNdisFilter("tcpmasq", "TcpMasq NT6 LWF Driver", SysPath, NetCfgInstanceId); //添加绑定的网卡 printf("NDIS Filter Bind\n"); InstallNdisFilterBind("tcpmasq", NetCfgInstanceId); //BUG: 重新禁用启用网卡，会丢掉 Bind //可能是由于 HKLM\SYSTEM\CurrentControlSet\Control\Network\Config 数据里面没有刚注册的 NDIS Filter //Config 读写位于 netcfgx.dll //关键字 WRITING CONFIG BLOB 日志写入 C:\Windows\inf\setupapi.dev.log //FIXME return 0;}

本文系转载，前往查看

如有侵权，请联系 cloudcommunity@tencent.com 删除。

数据分析

编程算法

本文系转载，前往查看

如有侵权，请联系 cloudcommunity@tencent.com 删除。

数据分析

编程算法

作者已关闭评论

0 条评论

热度

不用inf安装ndis filter驱动

不用inf安装ndis filter驱动

社区

活动

资源

关于

腾讯云开发者

热门产品

热门推荐

更多推荐