iniwf

风是温柔的,雨是伤心的,云是快乐的,月是多情的,爱是迷失的,恋是醉人的,情是难忘的,天是长久的,地是永恒的

内核反编译学习笔记6 passthru静态分析

内核反编译学习笔记6

passthru静态分析

来源:passthru.sys反汇编和源代码

一,导入的模块
二,模块要使用的函数
三,函数原型
四,文件中函数列表

有源代码,反汇编比源代码更简洁,特别是总揽方面,有优势。
有兴趣的话,可以把汇编和代码对应。我已经把函数内调用函数都罗列了。

////////////////////////////////////////////////

一,导入三个模块:
import Module:ntoskrnl.exe
              HAL.dll
              NDIS.SYS

//////////////////////////////////////////////

二,每个模块导出函数:
我们有函数名,就可以bp 模块!函数  下断了。
有的函数是被宏调用的,具体可以查看ndis.h中宏的定义。

ntoskrnl.exe:
KeBugCheckEx
KeTickCount
IoGetDeviceProperty
RtlCopyUnicodeString
RtlAppendUnicodeToString
IoCreateDevice
_vsnprint f
MmMapLockedPagesSpecifyCache
IoDeleteDevice
memcpy
IofCompleteRequest
memset
RtlInitUnicodeString
DbgPring
RtlAssert
RtlUnwind

HAL.dll:
KfReleaseSpinLock
KfAcquireSpinLock

接下来是重点了,ndis专用函数
NDIS.SYS:


NdisIMNotifyPnPEvent
NdisGetReceivedPacket
NdisDprAllocatePacket
NdisDprFreePacket
NdisDeregisterProtocol
NdisIMCancelInitializeDeviceInstance
NdisReEnumerateProtocolBindings
NdisFreeMemory
NdisOpenProtocolConfiguration
NdisReadConfiguration
NdisAllocateMemoryWithTag
NdisInitializeEvent
NdisAllocatePacketPoolEx
NdisPacketPoolUsage
NdisIMDeInitializeDeviceInstance
NdisCloseAdapter
NdisSetEvent
NdisMSetAttributesEx
NdisIMGetDeviceContext
NdisFreePacket
NdisIMCopySendCompletePerPacketInfo
NdisIMCopySendPerPacketInfo
NdisAllocatePacket
NdisIMGetCurrentPacketStack
NdisRequest
NdisMIndicateStatusComplete
NdisMIndicateStatus
NdisReturnPackets
NdisGetPoolFromPacket
NdisWaitEvent
NdisResetEvent
NdisCancelSendPackets
NdisFreePacketPool
NdisTerminateWrapper
NdisIMAssociateMiniport
NdisIMDeregisterLayeredMiniport
NdisRegisterProtocol
NdisMRegisterUnloadHandler
NdisIMRegisterLayeredMiniport
NdisInitializeWrapper
NdisMRegisterDevice
NdisMSleep
NdisMDeregisterDevice
NdisCloseConfiguration
NdisIMInitializeDeviceInstanceEx
NdisOpenAdapter

/////////////////////////////////////
三,函数原型:呵呵

NDIS_STATUS  NdisIMNotifyPnPEvent(    IN  NDIS_HANDLE  MiniportHandle,    IN  PNET_PNP_EVENT  NetPnPEvent    );

PNDIS_PACKET   NdisGetReceivedPacket(    IN PNDIS_HANDLE  NdisBindingHandle,    IN PNDIS_HANDLE  MacContext    );

VOID  NdisDprAllocatePacket(    OUT PNDIS_STATUS  Status,    OUT PNDIS_PACKET  *Packet,    IN NDIS_HANDLE  PoolHandle    );

VOID  NdisDprFreePacket(    IN PNDIS_PACKET  Packet    );

NDIS_STATUS   NdisIMCancelInitializeDeviceInstance(    IN NDIS_HANDLE  DriverHandle,    IN PNDIS_STRING  DeviceInstance    );

VOID  NdisReEnumerateProtocolBindings(    IN NDIS_HANDLE  NdisProtocolHandle    );

VOID  NdisFreeMemory(    IN PVOID  VirtualAddress,    IN UINT  Length,    IN UINT  MemoryFlags    );

VOID  NdisOpenProtocolConfiguration(    OUT PNDIS_STATUS  Status,    OUT PNDIS_HANDLE  ConfigurationHandle,    IN PNDIS_STRING  ProtocolSection    );

VOID  NdisReadConfiguration(    OUT PNDIS_STATUS  Status,    OUT PNDIS_CONFIGURATION_PARAMETER  *ParameterValue,    IN NDIS_HANDLE  ConfigurationHandle,    IN PNDIS_STRING  Keyword,    IN NDIS_PARAMETER_TYPE  ParameterType    );

NDIS_STATUS  NdisAllocateMemoryWithTag(    OUT PVOID  *VirtualAddress,    IN UINT  Length,    IN ULONG  Tag    );

VOID  NdisInitializeEvent(    IN PNDIS_EVENT  Event    );

VOID  NdisAllocatePacketPoolEx   OUT PNDIS_STATUS  Status,    OUT PNDIS_HANDLE  PoolHandle,    IN UINT  NumberOfDescriptors,    IN UINT  NumberOfOverflowDescriptors,    IN UINT  ProtocolReservedLength    );

UINT  NdisPacketPoolUsage(    IN NDIS_HANDLE  PoolHandle    );

NDIS_STATUS  NdisIMDeInitializeDeviceInstance(    IN NDIS_HANDLE  NdisMiniportHandle    );

VOID  NdisCloseAdapter(    OUT PNDIS_STATUS  Status,    IN NDIS_HANDLE  NdisBindingHandle    );

VOID  NdisSetEvent(    IN PNDIS_EVENT  Event    );

VOID   NdisMSetAttributesEx(    IN NDIS_HANDLE MiniportAdapterHandle,    IN NDIS_HANDLE MiniportAdapterContext,    IN UINT  CheckForHangTimeInSecond OPTIONAL,    IN ULONG  AttributeFlags,    IN NDIS_INTERFACE_TYPE AdapterType    );

NDIS_HANDLE  NdisIMGetDeviceContext(    IN NDIS_HANDLE  MiniportAdapterHandle    );

VOID  NdisFreePacket(    IN PNDIS_PACKET  Packet    );

VOID  NdisIMCopySendCompletePerPacketInfo(    IN PNDIS_PACKET  DstPacket,    IN PNDIS_PACKET  SrcPacket    );

VOID  NdisIMCopySendPerPacketInfo(    IN PNDIS_PACKET  DstPacket,    IN PNDIS_PACKET  SrcPacket    );

VOID  NdisAllocatePacket(    OUT PNDIS_STATUS  Status,    OUT PNDIS_PACKET  *Packet,    IN NDIS_HANDLE  PoolHandle    );

PNDIS_PACKET_STACK  NdisIMGetCurrentPacketStack(    IN PNDIS_PACKET  Packet    OUT BOOLEAN  *StacksRemaining    );

VOID  NdisRequest(    OUT PNDIS_STATUS  Status,    IN NDIS_HANDLE  NdisBindingHandle,    IN PNDIS_REQUEST  NdisRequest    );

VOID   NdisMIndicateStatusComplete(    IN NDIS_HANDLE  MiniportAdapterHandle    );

VOID   NdisMIndicateStatus(    IN NDIS_HANDLE  MiniportAdapterHandle,    IN NDIS_STATUS  GeneralStatus,    IN PVOID  StatusBuffer,    IN UINT  StatusBufferSize    );

VOID  NdisReturnPackets(    IN PNDIS_PACKET  *PacketsToReturn,    IN UINT  NumberOfPackets    );

NDIS_Handle  NdisGetPoolFromPacket(    IN PNDIS_PACKET  Packet    );

BOOLEAN  NdisWaitEvent(    IN PNDIS_EVENT  Event,    IN UINT  MsToWait    );

VOID  NdisResetEvent(    IN PNDIS_EVENT  Event    );

VOID  NdisCancelSendPackets(    IN NDIS_HANDLE  NdisBindingHandle    IN PVOID  CancelId    );

VOID  NdisFreePacketPool(    IN NDIS_HANDLE  PoolHandle    );

VOID  NdisTerminateWrapper(    IN NDIS_HANDLE  NdisWrapperHandle,    IN PVOID  SystemSpecific    );

VOID  NdisIMAssociateMiniport(    IN NDIS_HANDLE  DriverHandle,    IN NDIS_HANDLE  ProtocolHandle    );

VOID   NdisIMDeregisterLayeredMiniport(    IN NDIS_HANDLE  DriverHandle    );

VOID  NdisRegisterProtocol(    OUT PNDIS_STATUS  Status,    OUT PNDIS_HANDLE  NdisProtocolHandle,    IN PNDIS_PROTOCOL_CHARACTERISTICS  ProtocolCharacteristics,    IN UINT  CharacteristicsLength    );

VOID  NdisMRegisterUnloadHandler(    IN NDIS_HANDLE  NdisWrapperHandle,    IN PDRIVER_UNLOAD  UnloadHandler    );

NDIS_STATUS  NdisIMRegisterLayeredMiniport(    IN NDIS_HANDLE  NdisWrapperHandle,    IN PNDIS_MINIPORT_CHARACTERISTICS  MiniportCharacteristics,    IN UINT  CharacteristicsLength,    OUT PNDIS_HANDLE  DriverHandle    );

 

NDIS_STATUS  NdisMRegisterDevice(    IN NDIS_HANDLE  NdisWrapperHandle,    IN PNDIS_STRING  DeviceName,    IN PNDIS_STRING  SymbolicName,    IN PDRIVER_DISPATCH  MajorFunctions[],    OUT PDEVICE_OBJECT  *pDeviceObject,    OUT NDIS_HANDLE  *NdisDeviceHandle    );

VOID  NdisMSleep(    IN ULONG  MicrosecondsToSleep    );

NDIS_STATUS  NdisMDeregisterDevice(    IN NDIS_HANDLE  NdisDeviceHandle    );

VOID  NdisCloseConfiguration(    IN NDIS_HANDLE  ConfigurationHandle    );

NDIS_STATUS  NdisIMInitializeDeviceInstanceEx(    IN NDIS_HANDLE  DriverHandle,    IN PNDIS_STRING  DriverInstance,    IN NDIS_HANDLE  DeviceContext  OPTIONAL    );

VOID  NdisOpenAdapter(    OUT PNDIS_STATUS  Status,    OUT PNDIS_STATUS  OpenErrorStatus,    OUT PNDIS_HANDLE  NdisBindingHandle,    OUT PUINT  SelectedMediumIndex,    IN PNDIS_MEDIUM  MediumArray,    IN UINT  MediumArraySize,    IN NDIS_HANDLE  NdisProtocolHandle,    IN NDIS_HANDLE  ProtocolBindingContext,    IN PNDIS_STRING  AdapterName,    IN UINT  OpenOptions,    IN PSTRING  AddressingInformation  OPTIONAL,    );

 

///////////////////////////////////////

四,文件中函数列表
常用的就不在函数内罗列了
NdisZeroMemory
NdisMoveMemory
NdisFreeMemory
NdisMSleep
NdisInitUnicodeString
NdisAcquireSpinLock
NdisReleaseSpinLock
NdisFreeSpinLock
 


1,passthru.c:
   DriverEntry
     其中大概用了下面这些:
     NdisAllocateSpinLock
     NdisMInitializeWrapper
     NdisIMRegisterLayeredMiniport
     NdisRegisterProtocol
     NdisIMAssociateMiniport
    

   PtRegisterDevice

     NdisMRegisterDevice
    
   PtDispatch
     IoGetCurrentIrpStackLocation
     IoCompleteRequest
    
   PtDeregisterDevice

    
   PtUnload
     PtUnloadProtocol
     NdisIMDeregisterLayeredMiniport

    
2,miniport.c
   MPInitialize
     NdisMSetAttributesEx
     PtRegisterDevice
     NdisSetEvent

   MPSend
     NdisIMGetCurrentPacketStack
     NdisSend
     NdisAllocatePacket
     NdisFreePacket
  
   MPSendPackets
     NdisMSendComplete
     NdisIMGetCurrentPacketStack
     NdisSend
     NdisAllocatePacket
     NdisGetPacketFlags
     NdisIMCopySendPerPacketInfo
    
   MPQueryInformation
     NdisRequest
     PtRequestComplete
    
   MPQueryPNPCapabilities
    
   MPSetInformation
     MPProcessSetPowerOid
    
   MPProcessSetPowerOid
     NdisMIndicateStatus
     NdisMIndicateStatusComplete
    
   MPReturnPacket
     NdisGetPoolFromPacket
     NdisReturnPackets
     NdisFreePacket
    
   MPTransferData
     IsIMDeviceStateOn
     NdisTransferData
     PtDeregisterDevice
     NdisResetEvent
     PtDereferenceAdapt
    
   MPCancelSendPackets
     NdisCancelSendPackets
    
   MPDevicePnPEvent
    
   MPAdapterShutdown
  
   MPFreeAllPacketPools
     NdisFreePacketPool
    
3,protocol.c
   PtBindAdapter
     NdisOpenProtocolConfiguration
     NdisReadConfiguration
     NdisAllocateMemoryWithTag
     NdisInitializeEvent
     NdisAllocatePacketPoolEx
     NdisOpenAdapter
     NdisWaitEvent
     PtReferenceAdapt
     NdisInitializeEvent
     NdisIMInitializeDeviceInstanceEx
     PtDereferenceAdapt
     NdisCloseConfiguration
     NdisCloseAdapter
    
   PtOpenAdapterComplete
     NdisSetEvent
    
   PtUnbindAdapter
     PtRequestComplete
     NdisIMCancelInitializeDeviceInstance
     NdisWaitEvent
     NdisIMDeInitializeDeviceInstance
     NdisResetEvent
     NdisCloseAdapter
     NdisWaitEvent
     MPFreeAllPacketPools     
  
   PtUnloadProtocol
     NdisDeregisterProtocol
     IoDeleteDevice
    
   PtCloseAdapterComplete
     NdisSetEvent
    
   PtResetComplete
    
   PtRequestComplete
     NdisMQueryInformationComplete
     NdisMSetInformationComplete
    
   PtStatus
     NdisMIndicateStatus
    
   PtStatusComplete
     NdisMIndicateStatusComplete
    
   PtSendComplete
     NdisGetPoolFromPacket
     NdisMSendComplete
     NdisDprFreePacket
    
   PtTransferDataComplete
     NdisMTransferDataComplete
    
   PtReceive
     NdisGetReceivedPacket
     NdisDprAllocatePacket
     NdisMIndicateReceivePacket
     NdisDprFreePacket
     NdisMEthIndicateReceive
     NdisMTrIndicateReceive
     NdisMFddiIndicateReceive
    
    
   PtReceiveComplete
     KeGetCurrentProcessorNumber
     NdisMTrIndicateReceiveComplete
     NdisMFddiIndicateReceiveComplete
    
    
   PtReceivePacket
     NdisIMGetCurrentPacketStack
     NdisMIndicateReceivePacket
     NdisDprFreePacket
    
   PtPNPHandler
     PtPnPNetEventSetPower
     PtPnPNetEventReconfigure
     NdisIMNotifyPnPEvent
    
   PtPnPNetEventReconfigure
     NdisReEnumerateProtocolBindings
     NdisIMNotifyPnPEvent
    
   PtPnPNetEventSetPower
     NdisIMNotifyPnPEvent
     PtRequestComplete
     NdisPacketPoolUsage
     NdisRequest
     PtRequestComplete
    
    
   PtReferenceAdapt
     MPFreeAllPacketPools



posted on 2010-04-18 19:26 iniwf 阅读(1397) 评论(0)  编辑 收藏 引用 所属分类: 驱动反汇编


只有注册用户登录后才能发表评论。
【推荐】超50万行VC++源码: 大型组态工控、电力仿真CAD与GIS源码库
网站导航: 博客园   IT新闻   BlogJava   知识库   博问   管理


导航

统计

常用链接

留言簿(2)

随笔分类

随笔档案

收藏夹

IT技术

积分与排名

最新评论

阅读排行榜

评论排行榜