ndis hook開發日誌(2)-獲取網路卡資訊 - Kevins的天空 http://rootsec.tk - CSDNBlog
導讀:
本文轉自
http://blog.csdn.net/iiprogram/archive/2006/04/26/677562.aspx
搞了半天,唉,還是讀登錄檔獲取網路卡資訊比較好,還有一個方式我也貼下面,關鍵是我還沒弄明白
下面是我的程式碼:
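/*
 * Fragment: statements from the body of the adapter-setup routine. The post
 * does not show the enclosing function's signature or the declarations of
 * Adapter, Name and status, so they are left as they were.
 *
 * The extracted page had turned every backslash into a forward slash
 * ('\\' -> '//', '\0' -> '/0') and split "Parameters" with a space; those
 * escapes are restored below.
 */
PUNICODE_STRING uAdapName = Adapter->MyOpenBlock->RootDeviceName;
/*
 * NOTE(review): UNICODE_STRING.Length is already a byte count. RVATOVA is
 * not defined in this post; if it adds a byte offset, "<< 1" starts the
 * backward scan beyond the end of the name -- confirm the macro's units.
 */
PWCHAR p = RVATOVA(uAdapName->Buffer, uAdapName->Length << 1);
UNICODE_STRING uName;
OBJECT_ATTRIBUTES obj;
HANDLE KeyHandle;

/* Only Ethernet (802.3) adapters are handled. */
if (Adapter->Type != NdisMedium802_3)
    return;

/*
 * Step back to the character after the last backslash, i.e. the adapter
 * name without its device prefix. The lower bound stops the scan at the
 * start of the buffer when the name contains no backslash instead of
 * reading memory in front of it.
 */
while (p > uAdapName->Buffer && *(p - 1) != '\\')
    p--;

DbgPrint("Adap %ws %ws", p, Adapter->MyOpenBlock->BindDeviceName->Buffer);

/*
 * NOTE(review): swprintf does not bound the write and Name is declared
 * outside this fragment -- confirm the buffer can hold the prefix plus the
 * adapter name, or use a length-limited formatter such as
 * RtlStringCchPrintfW.
 */
swprintf(Name,
         L"\\registry\\machine\\system\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\%ws",
         p);
RtlInitUnicodeString(&uName, Name);
InitializeObjectAttributes(
    &obj,
    &uName,
    OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
    NULL,
    NULL
    );

/*
 * The key is only queried, so request read access rather than
 * KEY_ALL_ACCESS. ZwOpenKey must run at PASSIVE_LEVEL; the calling context
 * is not visible here -- confirm.
 */
status = ZwOpenKey(&KeyHandle, KEY_READ, &obj);
if (NT_SUCCESS(status)) {
    /* Static configuration first, DHCP-assigned value as the fallback. */
    Adapter->IpAddress = ReadIpAddress(KeyHandle, L"IPAddress");
    if (!Adapter->IpAddress) {
        Adapter->IpAddress = ReadIpAddress(KeyHandle, L"DhcpIPAddress");
        DbgPrint("Get dhcp ip");
    }
    Adapter->SubnetMask = ReadIpAddress(KeyHandle, L"SubnetMask");
    if (!Adapter->SubnetMask) {
        Adapter->SubnetMask = ReadIpAddress(KeyHandle, L"DhcpSubnetMask");
    }
    Adapter->Gateway = ReadIpAddress(KeyHandle, L"DefaultGateway");
    ZwClose(KeyHandle);
}

/*
 * ReadIpAddress
 *
 * Reads the string value ValName from the open registry key KeyHandle and
 * converts it with inet_addr().
 *
 * Returns the parsed address, or 0 when the value cannot be read, is not a
 * string type, cannot be converted, or does not parse. The callers above
 * treat 0 as "not configured" and fall back to the Dhcp* value.
 */
ULONG
ReadIpAddress(
    IN HANDLE KeyHandle,
    IN PWCHAR ValName
    )
{
    UNICODE_STRING uName;
    WCHAR Name[MAX_PATH];
    /*
     * The WCHAR array doubles as storage for the variable-length result.
     * NOTE(review): a WCHAR array is only guaranteed 2-byte alignment while
     * the structure starts with ULONG fields -- confirm on strict-alignment
     * targets.
     */
    PKEY_VALUE_PARTIAL_INFORMATION Info = (void*)&Name;
    CHAR aName[MAX_PATH];
    ULONG ResLen;
    NTSTATUS status;
    size_t converted;

    RtlInitUnicodeString(&uName, ValName);

    /*
     * Zero the buffer and offer one WCHAR less than its size, so whatever
     * the registry returns is always followed by a NUL terminator even if
     * the stored data has none.
     */
    RtlZeroMemory(Name, sizeof(Name));
    status = ZwQueryValueKey(
        KeyHandle,
        &uName,
        KeyValuePartialInformation,
        Info,
        sizeof(Name) - sizeof(WCHAR),
        &ResLen
        );
    if (!NT_SUCCESS(status)) {
        /* Missing value or oversized data: Info holds nothing usable. */
        return 0;
    }

    /* Registry contents are external input: accept string types only. */
    if (Info->Type != REG_SZ && Info->Type != REG_MULTI_SZ) {
        return 0;
    }

    /*
     * Bound the conversion to the destination instead of passing -1 as the
     * count. For REG_MULTI_SZ the conversion stops at the first string.
     */
    converted = wcstombs(aName, (PWCHAR)&Info->Data, sizeof(aName) - 1);
    if (converted == (size_t)-1) {
        return 0;
    }
    aName[sizeof(aName) - 1] = '\0';

    return inet_addr(aName);
}

/*
 * inet_addr
 *
 * Parses a dotted-decimal string. The first component lands in the lowest
 * byte of the result, the second in the next byte, and so on.
 *
 * Returns 0 on any non-digit character, on a component above 255, or on
 * more than four components. Fewer than four components and empty
 * components are still accepted.
 */
u32_t inet_addr(const char *cp)
{
    u32_t address = 0;
    u32_t shift = 0;
    u32_t sym;

    while (*cp) {
        /* A fifth component would need a shift of 32 bits or more. */
        if (shift > 24)
            return 0;

        sym = 0;
        while ((*cp != '.') && (*cp != '\0')) {
            if ((*cp < '0') || (*cp > '9'))
                return 0;
            sym = sym * 10 + (u32_t)(*cp - '0');
            /* Each component is one byte; this also stops overflow of sym. */
            if (sym > 255)
                return 0;
            ++cp;
        }

        address += sym << shift;
        shift += 8;
        if (*cp++ == '\0')
            break;
    }
    return address;
}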
來看看packet.sys是如何獲取的:
/*
 * Per-adapter state of the packet driver. Field order is unchanged; only the
 * layout of the declaration and the comments differ.
 */
struct _OPEN_INSTANCE {
    PDEVICE_OBJECT  DeviceObject;
    ULONG           IrpCount;

    /* The two strings PacketGetAdapterList copies into the caller's buffer. */
    NDIS_STRING     AdapterName;
    NDIS_STRING     SymbolicLink;

    NDIS_HANDLE     AdapterHandle;
    NDIS_HANDLE     PacketPool;

    KSPIN_LOCK      RcvQSpinLock;
    LIST_ENTRY      RcvList;

    NDIS_MEDIUM     Medium;

    KSPIN_LOCK      ResetQueueLock;
    LIST_ENTRY      ResetIrpList;

    NDIS_STATUS     Status;
    NDIS_EVENT      Event;
    NDIS_EVENT      CleanupEvent;

    /*
     * Links this instance to the other device objects; PacketGetAdapterList
     * recovers the instance from it with CONTAINING_RECORD.
     */
    LIST_ENTRY      AdapterListEntry;

    /* TRUE once OpenAdapter has completed, FALSE once CloseAdapter has. */
    BOOLEAN         Bound;

    /* Presumably pads the BOOLEAN to a 4-byte boundary -- confirm. */
    CHAR            Filler[3];
};

typedef struct _OPEN_INSTANCE OPEN_INSTANCE;
typedef struct _OPEN_INSTANCE *POPEN_INSTANCE;
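NTSTATUS
PacketGetAdapterList(
    IN PVOID Buffer,
    IN ULONG Length,
    IN OUT PULONG DataLength
    )
/*++

Routine Description:

    Walks Globals.AdapterList under Globals.GlobalLock and writes the
    adapter name and symbolic link of every OPEN_INSTANCE on it into Buffer.

    Output layout:

        ULONG numOfAdapters
        One_Or_More(L"AdapterName\0" + L"SymbolicLink\0")
        UNICODE_NULL

Arguments:

    Buffer     - Output buffer supplied by the caller. It is written while
                 the spin lock is held, i.e. at DISPATCH_LEVEL.
                 NOTE(review): confirm that callers pass non-paged memory
                 (for example the system buffer of a buffered IOCTL) and
                 that the name buffers are non-paged as well.

    Length     - Size of Buffer in bytes.

    DataLength - Receives the number of bytes the full list needs. It is set
                 on both the success and the too-small path.

Return Value:

    STATUS_SUCCESS          - The list was written to Buffer.
    STATUS_BUFFER_TOO_SMALL - Length is smaller than *DataLength; nothing
                              was written to Buffer.

--*/
{
    ULONG requiredLength = 0, numOfAdapters = 0;
    KIRQL oldIrql;
    PLIST_ENTRY thisEntry, listHead;
    POPEN_INSTANCE open;
    /*
     * Byte cursor into the output buffer. The original advanced the
     * parameter with "(PCHAR)Buffer += n", a cast used as an lvalue, which
     * is a compiler extension and not valid C.
     */
    PUCHAR cursor = (PUCHAR)Buffer;

    DebugPrint(("Enter PacketGetAdapterList\n"));

    KeAcquireSpinLock(&Globals.GlobalLock, &oldIrql);

    //
    // First pass: total space needed for every AdapterName and
    // SymbolicLink, each followed by a terminator.
    //
    listHead = &Globals.AdapterList;

    for(thisEntry = listHead->Flink;
        thisEntry != listHead;
        thisEntry = thisEntry->Flink)
    {
        open = CONTAINING_RECORD(thisEntry, OPEN_INSTANCE, AdapterListEntry);

        requiredLength += open->AdapterName.Length + sizeof(UNICODE_NULL);
        requiredLength += open->SymbolicLink.Length + sizeof(UNICODE_NULL);
        numOfAdapters++;
    }

    //
    // Add the leading adapter count and the final UNICODE_NULL.
    //
    requiredLength += sizeof(ULONG) + sizeof(UNICODE_NULL);

    *DataLength = requiredLength;

    //
    // The list cannot change between the two passes because the lock stays
    // held, so this one check bounds every write below.
    //
    if(requiredLength > Length) {
        KeReleaseSpinLock(&Globals.GlobalLock, oldIrql);
        return STATUS_BUFFER_TOO_SMALL;
    }

    *(PULONG)cursor = numOfAdapters;
    cursor += sizeof(ULONG);

    //
    // Second pass: copy the name and symbolic link of each adapter.
    //
    // Only Length bytes are read from each source string and the terminator
    // is written explicitly. A UNICODE_STRING is not guaranteed to be
    // NUL-terminated, so copying Length + sizeof(WCHAR) bytes could read
    // past the end of the source buffer and hand the adjacent bytes to the
    // caller.
    //
    for(thisEntry = listHead->Flink;
        thisEntry != listHead;
        thisEntry = thisEntry->Flink)
    {
        open = CONTAINING_RECORD(thisEntry, OPEN_INSTANCE, AdapterListEntry);

        RtlCopyMemory(cursor, open->AdapterName.Buffer,
                      open->AdapterName.Length);
        cursor += open->AdapterName.Length;
        *(PWCHAR)cursor = UNICODE_NULL;
        cursor += sizeof(WCHAR);

        RtlCopyMemory(cursor, open->SymbolicLink.Buffer,
                      open->SymbolicLink.Length);
        cursor += open->SymbolicLink.Length;
        *(PWCHAR)cursor = UNICODE_NULL;
        cursor += sizeof(WCHAR);
    }

    // Final terminator that ends the list.
    *(PWCHAR)cursor = UNICODE_NULL;

    KeReleaseSpinLock(&Globals.GlobalLock, oldIrql);

    return STATUS_SUCCESS;
}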
本文轉自
http://blog.csdn.net/iiprogram/archive/2006/04/26/677562.aspx