View Full Version : Is there any documentation on the services of NDIS.VxD ?


Solomon
December 11th, 2000, 02:29
I want to hook some services of NDIS.VxD in Win98 to do some packet filtering, but I can't find any info about the services of this VxD in the DDK & MSDN (only how to use the NDISxxxx functions is there). So I use IDA to get a deadlist of this VxD and extract its service table. Is the following correct? There seems to be a big difference between the NDIS in Win9x and that in Win2K (NDIS 5.0). I just wonder how the author of IDA knows the service names of this VxD. What services shall I hook? I heard that the network architecture of Windows ME is quite different from that of Win98; is it true?
Thx for your hint.

(sorry for flooding this board)

Service_Table_0 dd offset NdisGetVersion
dd offset NdisAllocateSpinLock
dd offset NdisFreeSpinLock
dd offset NdisAcquireSpinLock
dd offset NdisReleaseSpinLock
...............
dd offset unkserv_99
dd offset unkserv_9a
dd offset unkserv_9b
dd offset unkserv_9c
dd offset unkserv_9d
dd offset unkserv_9e
dd offset unkserv_9f
dd offset unkserv_a0

Frog's Print
December 12th, 2000, 17:18
Reading the inc32 files *.inc & *.h will teach you much more than only reading the manual: => Ndis.h

Frog's Print
December 12th, 2000, 17:26
Forgot to mention that SoftICE command 'vxd NDIS' will give you the names and numbers of services (161 for NDIS)... ;-)

Solomon
December 13th, 2000, 04:21
Thank you!

Ignatz
January 1st, 2001, 14:37
Hi ppl!

Solomon, I'm interested in learning about packet filtering, too.

I was wondering if you could point me to some info on generally ~how~ packet filtering works...

I have the paper about BPF somewhere... and have Linux and am getting ready to install one of the BSDs so I can look in the networking/firewalling code... but just an overview of the theory behind it would help more than anything...

Solomon
January 2nd, 2001, 01:53
hi Ignatz,

There is some skeleton source code & docs for packet filtering at ftp://ftp.pcausa.com/devonly/ (the "ndispim9x" there needs an installation key which I don't know, but maybe somebody else can figure it out). Also there are FAQs on PCAUSA's web page.
Source code for a packet sniffer (not a filter) can be found at http://netgroup-serv.polito.it/windump/.

Hope this helps.

Ignatz
January 2nd, 2001, 02:17
Thank you :)

Checking it out now...