NDIS IM 驱动那些事情

　　最近不知道为什么开始学习windows NDIS驱动开发，用的是寒江独钓的例子，其实他的改的代码也就一点点，说的有用的东西也就那么多，不过还是感谢他出了这么一本书，不然这真的就没有一本稍微好一点的书籍来说windows 的NDIS书籍了。

　　这方面的知识貌似大家都不太愿意说，我在网上找了好久无非就是那几篇经典的例子，不过网上代码有点错误有点问题，而且核心都不原因讲解。。

比喻大家都会遇到问题，怎么在NDIS中间层发送自定义数据包的问题？ 一般我们发送都会蓝屏，网上有类似的文章。

http://blog.csdn.net/floweronwarmbed/article/details/3202065

NDIS_STATUS
MySendPacket (
   NDIS_HANDLE     NdisBindingHandle,
   NDIS_HANDLE     NdisSendPacketPool,
   PVOID           pBuffer,
   ULONG           dwBufferLength
   )
{
   NDIS_STATUS     status;
   PNDIS_PACKET    pSendPacket = NULL;
   PNDIS_BUFFER    pSendPacketBuffer = NULL;
   PUCHAR          pSendBuffer = NULL;
   ULONG           dwSendBufferLength;
   NDIS_PHYSICAL_ADDRESS HighestAcceptableAddress;
   PSEND_RSVD      SendRsvd = NULL;

   if (!NdisBindingHandle)
       return NDIS_STATUS_FAILURE;

   if (!pBuffer)
       return NDIS_STATUS_FAILURE;

   if (dwBufferLength > ETH_MAX_PACKET_SIZE)
       return NDIS_STATUS_FAILURE;

   HighestAcceptableAddress.QuadPart = -;
   dwSendBufferLength = max(dwBufferLength, ETH_MIN_PACKET_SIZE);

   status = NdisAllocateMemory(&pSendBuffer, dwSendBufferLength, , HighestAcceptableAddress);
   if (status != NDIS_STATUS_SUCCESS)
   {
       return status;
   }

   RtlZeroMemory(pSendBuffer, dwSendBufferLength);
   RtlMoveMemory(pSendBuffer, pBuffer, dwSendBufferLength);

   NdisAllocatePacket(&status, &pSendPacket, NdisSendPacketPool);
   if (status != NDIS_STATUS_SUCCESS)
   {
       NdisFreeMemory(pSendBuffer, dwSendBufferLength, );

       return status;
   }

   NdisAllocateBuffer( &status,
                       &pSendPacketBuffer,
                       NdisSendPacketPool,
                       pSendBuffer,
                       dwSendBufferLength );
   if (status != NDIS_STATUS_SUCCESS)
   {
       NdisFreeMemory(pSendBuffer, dwSendBufferLength, );
       NdisDprFreePacket(pSendPacket);

       return status;
   }

   NdisChainBufferAtFront(pSendPacket, pSendPacketBuffer);

   SendRsvd = (PSEND_RSVD)(pSendPacket->ProtocolReserved);
   SendRsvd->OriginalPkt = NULL; //注意这里

   pSendPacket->Private.Head->Next=NULL;
   pSendPacket->Private.Tail=NULL; 

   //NDIS_SET_PACKET_HEADER_SIZE(pSendPacket, 14);
   NdisSetPacketFlags(pSendPacket, NDIS_FLAGS_DONT_LOOPBACK);

   NdisSend(&status, NdisBindingHandle, pSendPacket);
   if (status != STATUS_PENDING)
   {
       NdisUnchainBufferAtFront(pSendPacket ,&pSendPacketBuffer);
       NdisQueryBufferSafe( pSendPacketBuffer,
                            (PVOID *)&pSendBuffer,
                            &dwSendBufferLength,
                            HighPagePriority );
       NdisFreeBuffer(pSendPacketBuffer);
       NdisFreeMemory(pSendBuffer, dwSendBufferLength, );
       NdisDprFreePacket(pSendPacket);
   }

   return status;
}

注意：NdisSend如果是立刻完成，没有Pending的话，你需要在NdisSend返回后释放掉刚才分配的资源，否则是Pending的话，我们就要等发生包这个事件真正完成是的Complete例程里面去释放分配的资源。

在函数PtSendComplete中：
PSEND_RSVD        SendRsvd;
SendRsvd = (PSEND_RSVD)(Packet->ProtocolReserved);
Pkt = SendRsvd->OriginalPkt;
// ProtocolReserved是个可以自己放自己数据的地方, passthru用这个存放原始包的地址, 而我们自己构造包的时候把SendRsvd->OriginalPkt设为了NULL,所以很容易判断出那个已完成发送的包是passtru的,哪些是我们构造的

       if (!Pkt )
       {
           NdisUnchainBufferAtFront(Packet, &pMySendPacketBuffer);

           if (pMySendPacketBuffer)
           {
               NdisQueryBufferSafe( pMySendPacketBuffer,
                                    (PVOID *)&pMySendBuffer,
                                    &dwMySendBufferLength,
                                    HighPagePriority );
               if (pMySendBuffer && dwMySendBufferLength)
               {
                   NdisFreeMemory(pMySendBuffer, dwMySendBufferLength, );
               }

               NdisFreeBuffer( pMySendPacketBuffer );
           }

            NdisDprFreePacket(Packet);

但这里代码比较模糊也没有说明蓝屏的本质，只是PtSendComplete里面要释放原因。。。

其实这里我测试得出，其实你释放不释放最多内存泄漏，比喻你的程序内存泄漏基本不会马上崩溃，应用程序崩溃一般是我们内存越界，类似系统不过是一个最大的应用程序。然后自己也在网上看到类似不要调用NdisMSendComplete类似的东西，这个API 通知上层驱动释放资源 等等问题，显然我NidsSend是在自己中间层调用根本没有上层，那么上层怎么释放呢！！显然就报错嘛？蓝屏还用说吗？？我发现驱动蓝屏比较恐怖的事情，这2周学习感觉还好，只要你内存操作注意点时候，基本上不会蓝屏，内存泄漏感觉只会影响驱动稳定性。

　　貌似上面的MySendPacket 里面那个

NdisAllocateBuffer( &status,
                       &pSendPacketBuffer,
                       NdisSendPacketPool,
                       pSendBuffer,
                       dwSendBufferLength );
这里应该是错误，

NdisSendPacketPool 这个句柄明显是分配Packet。
我看一下NdisAllocateBuffer 句柄应该是自己调用的VOID
  NdisAllocateBufferPool(
    OUT PNDIS_STATUS  Status,
    OUT PNDIS_HANDLE  PoolHandle,
    IN UINT  NumberOfDescriptors
    );
。。
我不知道是不是他们估计要把代码写错，如果能混用的话感觉微软就没有必要提供NdisSendPacketPool的函数了。
等我自己一个项目整体完成了，然后把代码分享出来。-----------》实现那种局域网管理软件使用ARP欺骗进行管理的核心功能。

---

前几天看到一个厉害人吧，感觉能力比较强，看他的文章他非常熟悉linux的内核。然后开发起windows驱动非常顺手，看来linux真是c/c++的乐园吧。。。
有时间还得仔细学习学习。

---

最后我贴一下我写的ptComple的函数的API 其实很简单了。。

VOID
PtSendComplete(
    IN  NDIS_HANDLE            ProtocolBindingContext,
    IN  PNDIS_PACKET           Packet,
    IN  NDIS_STATUS            Status
    )
/*++

Routine Description:

    Called by NDIS when the miniport below had completed a send. We should
    complete the corresponding upper-edge send this represents.

Arguments:

    ProtocolBindingContext - Points to ADAPT structure
    Packet - Low level packet being completed
    Status - status of send

Return Value:

    None

--*/
{
    PADAPT            pAdapt = (PADAPT)ProtocolBindingContext;
    PNDIS_PACKET      Pkt;
    NDIS_HANDLE       PoolHandle;

    PSEND_RSVD        tempRsvd;
    PNDIS_BUFFER      pMySendPacketBuffer = NULL;
    UINT              dwMySendBufferLength = ;
    PVOID              pMySendBuffer = NULL;

    tempRsvd = (PSEND_RSVD)(Packet->ProtocolReserved);
    Pkt = tempRsvd->OriginalPkt;

    if (Pkt == (PNDIS_PACKET) )
    {
        NdisUnchainBufferAtFront(Packet, &pMySendPacketBuffer);
        if (pMySendPacketBuffer)
        {
            NdisQueryBufferSafe( pMySendPacketBuffer,
                (PVOID *)&pMySendBuffer,
                &dwMySendBufferLength,
                HighPagePriority );
            if (pMySendBuffer && dwMySendBufferLength)
            {
                NdisFreeMemory(pMySendBuffer, dwMySendBufferLength, );
            }

            NdisFreeBuffer( pMySendPacketBuffer );

            NdisFreePacket(Packet);
        }
        return;
    }

#ifdef NDIS51
    //
    // Packet stacking:
    //
    // Determine if the packet we are completing is the one we allocated. If so, then
    // get the original packet from the reserved area and completed it and free the
    // allocated packet. If this is the packet that was sent down to us, then just
    // complete it
    //
    //DbgPrint("我在NDIS51发送完了");
    PoolHandle = NdisGetPoolFromPacket(Packet);
    if (PoolHandle != pAdapt->SendPacketPoolHandle)
    {
        //
        // We had passed down a packet belonging to the protocol above us.
        //
        // DBGPRINT(("PtSendComp: Adapt %p, Stacked Packet %p\n", pAdapt, Packet));

        NdisMSendComplete(pAdapt->MiniportHandle,
                          Packet,
                          Status);
    }
    else
#endif // NDIS51
    {

        PSEND_RSVD        SendRsvd;

        SendRsvd = (PSEND_RSVD)(Packet->ProtocolReserved);
        Pkt = SendRsvd->OriginalPkt;

        //DbgPrint("我没有在NDIS51调用哦，熊熊你知道了蓝屏是为什么了");

#ifndef WIN9X
        NdisIMCopySendCompletePerPacketInfo (Pkt, Packet);
#endif

        NdisDprFreePacket(Packet);

        NdisMSendComplete(pAdapt->MiniportHandle,
                                 Pkt,
                                 Status);
    }
    //
    // Decrease the outstanding send count
    //
    ADAPT_DECR_PENDING_SENDS(pAdapt);
}