Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

892 lines
22 KiB

  1. /*++
  2. Copyright (c) 1993 Microsoft Corporation
  3. Module Name:
  4. ipfext.c
  5. Abstract:
  6. This file contains the generic routines and initialization code
  7. for the kernel debugger extensions dll.
  8. Author:
  9. Environment:
  10. User Mode
  11. --*/
  12. //
  13. // globals
  14. //
  15. #include <ntverp.h>
  16. #include <nt.h>
  17. #include <ntrtl.h>
  18. #include <nturtl.h>
  19. #include <windows.h>
  20. #include <wdbgexts.h>
  21. #include <stdio.h>
  22. #include <stdlib.h>
  23. #include <winsock.h>
  24. #include "..\defs.h"
  25. #include <ipexport.h>
  26. #include <ipfilter.h>
  27. #include <filter.h>
  28. #include <ipfltdrv.h>
  29. BOOL
  30. ReadFilterDriver(
  31. PFILTER_DRIVER pIf
  32. );
  33. BOOL
  34. ReadCache(
  35. DWORD dwIndex,
  36. PFILTER_INCACHE pInCache,
  37. PFILTER_OUTCACHE pOutCache
  38. );
  39. BOOL
  40. ReadFilter(
  41. PFILTER_INTERFACE pIf,
  42. DWORD dwIndex,
  43. PFILTER pFilter,
  44. BOOL bInFilter
  45. );
  46. EXT_API_VERSION ApiVersion = { 3, 5, EXT_API_VERSION_NUMBER, 0 };
  47. WINDBG_EXTENSION_APIS ExtensionApis;
  48. USHORT SavedMajorVersion;
  49. USHORT SavedMinorVersion;
  50. BOOLEAN ChkTarget;
  51. INT Item;
  52. DWORD g_dwFilterInfo;
  53. DWORD g_dwIfLink;
  54. DWORD g_dwInIndex,g_dwOutIndex;
  55. DWORD g_dwCacheSize;
  56. FILTER_INTERFACE g_if;
  57. #define CHECK_SIZE(dwRead,dwReq,bRes){ \
  58. if((dwRead) < (dwReq)) \
  59. { \
  60. dprintf("Requested %s (%d) read %d \n",#dwReq,dwReq,dwRead); \
  61. dprintf("Error in %s at %d\n",__FILE__,__LINE__); \
  62. bRes = FALSE; \
  63. } \
  64. else \
  65. { \
  66. bRes = TRUE; \
  67. } \
  68. }
  69. #define READ_MEMORY_ERROR \
  70. dprintf("Error in ReadMemory() in %s at line %d\n",__FILE__,__LINE__);
  71. DllInit(
  72. HANDLE hModule,
  73. DWORD dwReason,
  74. DWORD dwReserved
  75. )
  76. {
  77. switch (dwReason) {
  78. case DLL_THREAD_ATTACH:
  79. break;
  80. case DLL_THREAD_DETACH:
  81. break;
  82. case DLL_PROCESS_DETACH:
  83. break;
  84. case DLL_PROCESS_ATTACH:
  85. break;
  86. }
  87. return TRUE;
  88. }
  89. VOID
  90. WinDbgExtensionDllInit(
  91. PWINDBG_EXTENSION_APIS lpExtensionApis,
  92. USHORT MajorVersion,
  93. USHORT MinorVersion
  94. )
  95. {
  96. ExtensionApis = *lpExtensionApis;
  97. SavedMajorVersion = MajorVersion;
  98. SavedMinorVersion = MinorVersion;
  99. ChkTarget = SavedMajorVersion == 0x0c ? TRUE : FALSE;
  100. g_dwIfLink = 0;
  101. g_dwInIndex = g_dwOutIndex = 0;
  102. return;
  103. }
  104. DECLARE_API( version )
  105. {
  106. #if DBG
  107. PCHAR DebuggerType = "Checked";
  108. #else
  109. PCHAR DebuggerType = "Free";
  110. #endif
  111. dprintf( "%s Extension dll for Build %d debugging %s kernel for Build %d\n",
  112. DebuggerType,
  113. VER_PRODUCTBUILD,
  114. SavedMajorVersion == 0x0c ? "Checked" : "Free",
  115. SavedMinorVersion
  116. );
  117. }
  118. VOID
  119. CheckVersion(
  120. VOID
  121. )
  122. {
  123. return;
  124. #if DBG
  125. if ((SavedMajorVersion isnot 0x0c) or (SavedMinorVersion isnot VER_PRODUCTBUILD))
  126. {
  127. dprintf("\r\n*** Extension DLL(%d Checked) does not match target system(%d %s)\r\n\r\n",
  128. VER_PRODUCTBUILD, SavedMinorVersion,
  129. (SavedMajorVersion==0x0f) ? "Free" : "Checked" );
  130. }
  131. #else
  132. if ((SavedMajorVersion isnot 0x0f) || (SavedMinorVersion isnot VER_PRODUCTBUILD))
  133. {
  134. dprintf("\r\n*** Extension DLL(%d Free) does not match target system(%d %s)\r\n\r\n",
  135. VER_PRODUCTBUILD, SavedMinorVersion,
  136. (SavedMajorVersion==0x0f) ? "Free" : "Checked" );
  137. }
  138. #endif
  139. }
  140. LPEXT_API_VERSION
  141. ExtensionApiVersion(
  142. VOID
  143. )
  144. {
  145. return &ApiVersion;
  146. }
  147. //
  148. // Exported functions
  149. //
  150. DECLARE_API( help )
  151. /*++
  152. Routine Description:
  153. Command help for IP Filter debugger extensions.
  154. Arguments:
  155. None
  156. Return Value:
  157. None
  158. --*/
  159. {
  160. dprintf("\n\tIP Filter debugger extension commands:\n\n");
  161. dprintf("\tNumIf - Print the number of interfaces in the filter\n");
  162. dprintf("\tIfByIndex <index> - Print the ith interface in the list\n");
  163. dprintf("\tIfByAddr <ptr> - Print the interface with given address\n");
  164. dprintf("\tIfEnumInit - Inits the If enumerator (to 0)\n");
  165. dprintf("\tNextIf - Print the next If enumerated\n");
  166. dprintf("\tPrintCache <index> - Print the contents of the ith cache bucket\n");
  167. dprintf("\tCacheSize - Print the current cache size\n");
  168. dprintf("\tPrintPacket - Dump a packet header and first DWORD of data\n");
  169. dprintf("\tFilterEnumInit <ptr> - Inits the in and out filter enumerator for If at addr\n");
  170. dprintf("\tNextInFilter - Print the next In Filter\n");
  171. dprintf("\tNextOutFilter - Print the next Out Filter\n");
  172. dprintf("\n\tCompiled on " __DATE__ " at " __TIME__ "\n" );
  173. return;
  174. }
  175. DECLARE_API( init )
  176. {
  177. DWORD dwBytesRead, dwCacheSize;
  178. BOOL bResult;
  179. dwCacheSize = GetExpression("ipfltdrv!g_dwCacheSize");
  180. if(dwCacheSize is 0)
  181. {
  182. dprintf("Couldnt get g_dwCacheSize address from filter driver\n");
  183. return;
  184. }
  185. if(!ReadMemory(dwCacheSize,&g_dwCacheSize,sizeof(DWORD),&dwBytesRead))
  186. {
  187. dprintf("Attempted read at %x\n",dwCacheSize);
  188. READ_MEMORY_ERROR;
  189. return;
  190. }
  191. CHECK_SIZE(dwBytesRead,sizeof(DWORD),bResult);
  192. if(!bResult)
  193. {
  194. return;
  195. }
  196. g_dwFilterInfo = GetExpression("ipfltdrv!g_filters");
  197. if(g_dwFilterInfo is 0)
  198. {
  199. dprintf("Couldnt load the g_filters address from the filter driver\n");
  200. return;
  201. }
  202. else
  203. {
  204. dprintf("g_filters = %x\n",g_dwFilterInfo);
  205. }
  206. dprintf("Extension DLL successfully initialized\n");
  207. return;
  208. }
  209. DECLARE_API( numif )
  210. {
  211. DWORD dwNum = 0,dwBytesRead;
  212. DWORD dwCurrentList;
  213. FILTER_DRIVER filter;
  214. LIST_ENTRY leList;
  215. BOOL bResult;
  216. if(!ReadFilterDriver(&filter))
  217. {
  218. return;
  219. }
  220. dwCurrentList = (DWORD)filter.leIfListHead.Flink;
  221. while(dwCurrentList isnot (g_dwFilterInfo + FIELD_OFFSET(FILTER_DRIVER,leIfListHead)))
  222. {
  223. if(!ReadMemory(dwCurrentList,&leList,sizeof(LIST_ENTRY),&dwBytesRead))
  224. {
  225. dprintf("Attempted read at %x\n",dwCurrentList);
  226. READ_MEMORY_ERROR;
  227. return;
  228. }
  229. CHECK_SIZE(dwBytesRead,sizeof(LIST_ENTRY),bResult);
  230. if(!bResult)
  231. {
  232. return;
  233. }
  234. dwNum++;
  235. dwCurrentList = (DWORD)leList.Flink;
  236. }
  237. dprintf("Currently there are %d interfaces\n",dwNum);
  238. return;
  239. }
  240. DECLARE_API( ifbyindex )
  241. {
  242. DWORD dwNum = 0,dwBytesRead;
  243. DWORD dwCurrentList,dwIndex;
  244. PFILTER_INTERFACE pIf = NULL;
  245. FILTER_INTERFACE If;
  246. FILTER_DRIVER filter;
  247. LIST_ENTRY leList;
  248. BOOL bResult;
  249. if(args[0] is 0)
  250. {
  251. dprintf("!ipfext.ifbyindex <DWORD>\n");
  252. return;
  253. }
  254. sscanf(args,"%d",&dwIndex);
  255. dprintf("Printing interface# %d\n",dwIndex);
  256. if(!ReadFilterDriver(&filter))
  257. {
  258. return;
  259. }
  260. dwCurrentList = (DWORD)filter.leIfListHead.Flink;
  261. while(dwCurrentList isnot (g_dwFilterInfo + FIELD_OFFSET(FILTER_DRIVER,leIfListHead)))
  262. {
  263. if(!ReadMemory(dwCurrentList,&leList,sizeof(LIST_ENTRY),&dwBytesRead))
  264. {
  265. dprintf("Attempted read at %x\n",dwCurrentList);
  266. READ_MEMORY_ERROR;
  267. return;
  268. }
  269. CHECK_SIZE(dwBytesRead,sizeof(LIST_ENTRY),bResult);
  270. if(!bResult)
  271. {
  272. return;
  273. }
  274. dwNum++;
  275. if(dwNum is dwIndex)
  276. {
  277. pIf = CONTAINING_RECORD((PLIST_ENTRY)dwCurrentList,FILTER_INTERFACE,leIfLink);
  278. break;
  279. }
  280. dwCurrentList = (DWORD)leList.Flink;
  281. }
  282. if(pIf is NULL)
  283. {
  284. dprintf("Interface not found\n");
  285. return;
  286. }
  287. if(!ReadMemory((DWORD)pIf,&If,sizeof(FILTER_INTERFACE),&dwBytesRead))
  288. {
  289. dprintf("Attempted read at %x\n",(DWORD)pIf);
  290. READ_MEMORY_ERROR;
  291. return;
  292. }
  293. CHECK_SIZE(dwBytesRead,sizeof(FILTER_INTERFACE),bResult);
  294. if(!bResult)
  295. {
  296. return;
  297. }
  298. dprintf("Address of Interface:\t%x\n",pIf);
  299. dprintf("Next Interface at:\t%x\n",If.leIfLink);
  300. dprintf("Number Input Filters:\t%d\n",If.dwNumInFilters);
  301. dprintf("Number Output Filters:\t%d\n",If.dwNumOutFilters);
  302. dprintf("Input action:\t%s\n",(If.eaInAction is DROP)?"DROP":"FORWARD");
  303. dprintf("Output action:\t%s\n",(If.eaOutAction is DROP)?"DROP":"FORWARD");
  304. dprintf("Router Manager Context:\t%x\n",If.pvRtrMgrContext);
  305. dprintf("Router Manager Index:\t%d\n",If.dwRtrMgrIndex);
  306. return;
  307. }
  308. DECLARE_API( ifbyaddr )
  309. {
  310. DWORD pIf;
  311. FILTER_INTERFACE If;
  312. DWORD dwBytesRead;
  313. BOOL bResult;
  314. if(args[0] is 0)
  315. {
  316. dprintf("!ipfext.ifbyaddr <DWORD>\n");
  317. return;
  318. }
  319. sscanf(args,"%lx",&pIf);
  320. dprintf("Printing interface at %x\n",pIf);
  321. if(!ReadMemory(pIf,&If,sizeof(FILTER_INTERFACE),&dwBytesRead))
  322. {
  323. dprintf("Attempted read at %x\n",pIf);
  324. READ_MEMORY_ERROR;
  325. return;
  326. }
  327. CHECK_SIZE(dwBytesRead,sizeof(FILTER_INTERFACE),bResult);
  328. if(!bResult)
  329. {
  330. return;
  331. }
  332. dprintf("Next Interface at:\t%x\n",If.leIfLink);
  333. dprintf("Number Input Filters:\t%d\n",If.dwNumInFilters);
  334. dprintf("Number Output Filters:\t%d\n",If.dwNumOutFilters);
  335. dprintf("Input action:\t%s\n",(If.eaInAction is DROP)?"DROP":"FORWARD");
  336. dprintf("Output action:\t%s\n",(If.eaOutAction is DROP)?"DROP":"FORWARD");
  337. dprintf("Router Manager Context:\t%x\n",If.pvRtrMgrContext);
  338. dprintf("Router Manager Index:\t%d\n",If.dwRtrMgrIndex);
  339. return;
  340. }
  341. DECLARE_API( ifenuminit )
  342. {
  343. FILTER_DRIVER filter;
  344. g_dwIfLink = 0;
  345. if(!ReadFilterDriver(&filter))
  346. {
  347. return;
  348. }
  349. if(filter.leIfListHead.Flink is (PLIST_ENTRY)(g_dwFilterInfo +
  350. FIELD_OFFSET(FILTER_DRIVER,leIfListHead)))
  351. {
  352. dprintf("No interfaces\n");
  353. return;
  354. }
  355. g_dwIfLink = (DWORD)filter.leIfListHead.Flink;
  356. dprintf("Enumerator Initialized\n");
  357. return;
  358. }
  359. DECLARE_API( nextif )
  360. {
  361. PFILTER_INTERFACE pIf;
  362. FILTER_INTERFACE If;
  363. BOOL bResult;
  364. DWORD dwBytesRead;
  365. if(g_dwIfLink is 0)
  366. {
  367. dprintf("Enumerator not initialized");
  368. return;
  369. }
  370. if(g_dwIfLink is (g_dwFilterInfo + FIELD_OFFSET(FILTER_DRIVER,leIfListHead)))
  371. {
  372. dprintf("No more interfaces to enumerate\n");
  373. return;
  374. }
  375. pIf = CONTAINING_RECORD((PLIST_ENTRY)g_dwIfLink,FILTER_INTERFACE,leIfLink);
  376. if(!ReadMemory((DWORD)pIf,&If,sizeof(FILTER_INTERFACE),&dwBytesRead))
  377. {
  378. dprintf("Attempted read at %x\n",(DWORD)pIf);
  379. READ_MEMORY_ERROR;
  380. return;
  381. }
  382. CHECK_SIZE(dwBytesRead,sizeof(FILTER_INTERFACE),bResult);
  383. if(!bResult)
  384. {
  385. return;
  386. }
  387. dprintf("Address of Interface:\t%x\n",pIf);
  388. dprintf("Next Interface at:\t%x\n",If.leIfLink);
  389. dprintf("Number Input Filters:\t%d\n",If.dwNumInFilters);
  390. dprintf("Number Output Filters:\t%d\n",If.dwNumOutFilters);
  391. dprintf("Input action:\t%s\n",(If.eaInAction is DROP)?"DROP":"FORWARD");
  392. dprintf("Output action:\t%s\n",(If.eaOutAction is DROP)?"DROP":"FORWARD");
  393. dprintf("Router Manager Context:\t%x\n",If.pvRtrMgrContext);
  394. dprintf("Router Manager Index:\t%d\n",If.dwRtrMgrIndex);
  395. g_dwIfLink = (DWORD)If.leIfLink.Flink;
  396. return;
  397. }
  398. DECLARE_API( printcache )
  399. {
  400. struct in_addr addr;
  401. BYTE bIpAddr1[20], bIpAddr2[20];
  402. FILTER_DRIVER filter;
  403. DWORD dwBytesRead;
  404. FILTER_INCACHE inCache;
  405. FILTER_OUTCACHE outCache;
  406. DWORD dwIndex;
  407. if(args[0] is 0)
  408. {
  409. dprintf("!ipfext.printcache <DWORD>\n");
  410. return;
  411. }
  412. sscanf(args,"%d",&dwIndex);
  413. if(dwIndex >= g_dwCacheSize)
  414. {
  415. printf("Cache size is %\n",g_dwCacheSize);
  416. return;
  417. }
  418. if(!ReadCache(dwIndex,&inCache,&outCache))
  419. {
  420. return;
  421. }
  422. dprintf("In Cache for Bucket %d\n",dwIndex);
  423. addr.s_addr = inCache.uliSrcDstAddr.LowPart;
  424. strcpy(bIpAddr1,inet_ntoa(addr));
  425. addr.s_addr = inCache.uliSrcDstAddr.HighPart;
  426. strcpy(bIpAddr2,inet_ntoa(addr));
  427. dprintf("Addr - Source:\t%s\tDest:\t%d\n",bIpAddr1,bIpAddr2);
  428. dprintf("Protocol:\t%d\n",inCache.uliProtoSrcDstPort.LowPart);
  429. dprintf("Port - Source:\t%hd\tDest:\t%hd\n",
  430. LOWORD(inCache.uliProtoSrcDstPort.HighPart),
  431. HIWORD(inCache.uliProtoSrcDstPort.HighPart));
  432. dprintf("Context - In:\t%x\tOut:\t%x\n",
  433. inCache.pInContext,
  434. inCache.pOutContext);
  435. dprintf("Action - In:\t%s\tOut:\t%s\n",
  436. ((inCache.eaInAction is DROP)?"DROP":"FORWARD"),
  437. ((inCache.eaOutAction is DROP)?"DROP":"FORWARD"));
  438. dprintf("Out Cache for Bucket %d\n",dwIndex);
  439. addr.s_addr = outCache.uliSrcDstAddr.LowPart;
  440. strcpy(bIpAddr1,inet_ntoa(addr));
  441. addr.s_addr = outCache.uliSrcDstAddr.HighPart;
  442. strcpy(bIpAddr2,inet_ntoa(addr));
  443. dprintf("Addr - Source:\t%s\tDest:\t%d\n",bIpAddr1,bIpAddr2);
  444. dprintf("Protocol:\t%d\n",outCache.uliProtoSrcDstPort.LowPart);
  445. dprintf("Port - Source:\t%hd\tDest:\t%hd\n",
  446. LOWORD(outCache.uliProtoSrcDstPort.HighPart),
  447. HIWORD(outCache.uliProtoSrcDstPort.HighPart));
  448. dprintf("Context:\t%x\n",outCache.pOutContext);
  449. dprintf("Action:\t%s\n",((outCache.eaOutAction is DROP)?"DROP":"FORWARD"));
  450. return;
  451. }
  452. DECLARE_API( cachesize )
  453. {
  454. dprintf("Cache size is %d\n",g_dwCacheSize);
  455. return;
  456. }
  457. DECLARE_API( printpacket )
  458. {
  459. DWORD dwHdrAddr,dwBytesRead,i,j,k;
  460. BYTE pPacket[sizeof(IPHeader)+2*sizeof(DWORD)];
  461. BOOL bResult;
  462. if(args[0] is 0)
  463. {
  464. dprintf("!ipfext.printpacket <DWORD>\n");
  465. return;
  466. }
  467. sscanf(args,"%lx",&dwHdrAddr);
  468. if(!ReadMemory(dwHdrAddr,pPacket,sizeof(IPHeader)+2*sizeof(DWORD),&dwBytesRead))
  469. {
  470. dprintf("Attempted read at %x\n",dwHdrAddr);
  471. READ_MEMORY_ERROR;
  472. return;
  473. }
  474. CHECK_SIZE(dwBytesRead,sizeof(IPHeader)+2*sizeof(DWORD),bResult);
  475. if(!bResult)
  476. {
  477. return;
  478. }
  479. k = 0;
  480. for(i = 0; i < 5; i++)
  481. {
  482. for(j = 0; j < 4; j++)
  483. {
  484. dprintf("%02x",pPacket[k++]);
  485. }
  486. dprintf("\n");
  487. }
  488. dprintf("--Data--\n");
  489. dprintf("%02x%02x%02x%02x\n",pPacket[k],pPacket[k+1],pPacket[k+2],pPacket[k+3]);
  490. return;
  491. }
  492. DECLARE_API( filterenuminit )
  493. {
  494. DWORD pIf;
  495. DWORD dwBytesRead;
  496. BOOL bResult;
  497. if(args[0] is 0)
  498. {
  499. dprintf("!ipfext.filterenuminit <DWORD>\n");
  500. return;
  501. }
  502. sscanf(args,"%lx",&pIf);
  503. dprintf("Enum for interface at %x\n",pIf);
  504. g_dwInIndex = g_dwOutIndex = 0;
  505. if(!ReadMemory(pIf,&g_if,sizeof(FILTER_INTERFACE),&dwBytesRead))
  506. {
  507. dprintf("Attempted read at %x\n",pIf);
  508. READ_MEMORY_ERROR;
  509. return;
  510. }
  511. CHECK_SIZE(dwBytesRead,sizeof(FILTER_INTERFACE),bResult);
  512. if(!bResult)
  513. {
  514. return;
  515. }
  516. dprintf("Enumerator Initialized\n");
  517. return;
  518. }
  519. DECLARE_API( nextinfilter )
  520. {
  521. struct in_addr addr;
  522. BYTE bIpAddr1[20], bIpAddr2[20];
  523. FILTER inFilter;
  524. if(g_dwInIndex >= g_if.dwNumInFilters)
  525. {
  526. dprintf("End of in filter set\n");
  527. return;
  528. }
  529. if(!ReadFilter(&g_if,g_dwInIndex,&inFilter,TRUE))
  530. {
  531. return;
  532. }
  533. addr.s_addr = inFilter.uliSrcDstAddr.LowPart;
  534. strcpy(bIpAddr1,inet_ntoa(addr));
  535. addr.s_addr = inFilter.uliSrcDstAddr.HighPart;
  536. strcpy(bIpAddr2,inet_ntoa(addr));
  537. dprintf("Addr - Source:\t%s\t\tDest:\t%d\n",bIpAddr1,bIpAddr2);
  538. addr.s_addr = inFilter.uliSrcDstMask.LowPart;
  539. strcpy(bIpAddr1,inet_ntoa(addr));
  540. addr.s_addr = inFilter.uliSrcDstMask.HighPart;
  541. strcpy(bIpAddr2,inet_ntoa(addr));
  542. dprintf("Mask - Source:\t%s\t\tDest:\t%d\n",bIpAddr1,bIpAddr2);
  543. dprintf("Protocol:\t%d\n",inFilter.uliProtoSrcDstPort.LowPart);
  544. dprintf("Port - Source:\t%hd\tDest:\t%hd\n",
  545. LOWORD(inFilter.uliProtoSrcDstPort.HighPart),
  546. HIWORD(inFilter.uliProtoSrcDstPort.HighPart));
  547. dprintf("Protocol Mask:\t%x\n",inFilter.uliProtoSrcDstMask.LowPart);
  548. dprintf("Port Mask:\t%x\n",inFilter.uliProtoSrcDstMask.HighPart);
  549. g_dwInIndex++;
  550. return;
  551. }
  552. DECLARE_API( nextoutfilter )
  553. {
  554. struct in_addr addr;
  555. BYTE bIpAddr1[20], bIpAddr2[20];
  556. FILTER outFilter;
  557. if(g_dwOutIndex >= g_if.dwNumOutFilters)
  558. {
  559. dprintf("End of out filter set\n");
  560. return;
  561. }
  562. if(!ReadFilter(&g_if,g_dwOutIndex,&outFilter,FALSE))
  563. {
  564. return;
  565. }
  566. addr.s_addr = outFilter.uliSrcDstAddr.LowPart;
  567. strcpy(bIpAddr1,inet_ntoa(addr));
  568. addr.s_addr = outFilter.uliSrcDstAddr.HighPart;
  569. strcpy(bIpAddr2,inet_ntoa(addr));
  570. dprintf("Addr - Source:\t%s\tDest:\t%d\n",bIpAddr1,bIpAddr2);
  571. addr.s_addr = outFilter.uliSrcDstMask.LowPart;
  572. strcpy(bIpAddr1,inet_ntoa(addr));
  573. addr.s_addr = outFilter.uliSrcDstMask.HighPart;
  574. strcpy(bIpAddr2,inet_ntoa(addr));
  575. dprintf("Mask - Source:\t%s\tDest:\t%d\n",bIpAddr1,bIpAddr2);
  576. dprintf("Protocol:\t%d\n",outFilter.uliProtoSrcDstPort.LowPart);
  577. dprintf("Port - Source:\t%hd\tDest:\t%hd\n",
  578. LOWORD(outFilter.uliProtoSrcDstPort.HighPart),
  579. HIWORD(outFilter.uliProtoSrcDstPort.HighPart));
  580. dprintf("Protocol Mask:\t%x\n",outFilter.uliProtoSrcDstMask.LowPart);
  581. dprintf("Port Mask:\t%x\n",outFilter.uliProtoSrcDstMask.HighPart);
  582. g_dwOutIndex++;
  583. return;
  584. }
  585. BOOL
  586. ReadCache(
  587. DWORD dwIndex,
  588. PFILTER_INCACHE pInCache,
  589. PFILTER_OUTCACHE pOutCache
  590. )
  591. {
  592. FILTER_DRIVER filter;
  593. DWORD dwCacheAddr,dwCacheAddrAddr;
  594. DWORD dwBytesRead;
  595. BOOL bResult;
  596. if(!ReadFilterDriver(&filter))
  597. {
  598. return FALSE;
  599. }
  600. dwCacheAddrAddr = (DWORD)(filter.pInCache) + (dwIndex * sizeof(PFILTER_INCACHE));
  601. if(!ReadMemory(dwCacheAddrAddr,&dwCacheAddr,sizeof(DWORD),&dwBytesRead))
  602. {
  603. dprintf("Attempted read at %x\n",dwCacheAddrAddr);
  604. READ_MEMORY_ERROR;
  605. return FALSE;
  606. }
  607. CHECK_SIZE(dwBytesRead,sizeof(DWORD),bResult);
  608. if(!bResult)
  609. {
  610. return FALSE;
  611. }
  612. if(!ReadMemory(dwCacheAddr,pInCache,sizeof(FILTER_INCACHE),&dwBytesRead))
  613. {
  614. dprintf("Attempted read at %x\n",dwCacheAddr);
  615. READ_MEMORY_ERROR;
  616. return FALSE;
  617. }
  618. CHECK_SIZE(dwBytesRead,sizeof(FILTER_INCACHE),bResult);
  619. if(!bResult)
  620. {
  621. return FALSE;
  622. }
  623. dwCacheAddrAddr = (DWORD)(filter.pOutCache) + (dwIndex * sizeof(PFILTER_OUTCACHE));
  624. if(!ReadMemory(dwCacheAddrAddr,&dwCacheAddr,sizeof(DWORD),&dwBytesRead))
  625. {
  626. dprintf("Attempted read at %x\n",dwCacheAddrAddr);
  627. READ_MEMORY_ERROR;
  628. return FALSE;
  629. }
  630. CHECK_SIZE(dwBytesRead,sizeof(DWORD),bResult);
  631. if(!bResult)
  632. {
  633. return FALSE;
  634. }
  635. if(!ReadMemory(dwCacheAddr,pOutCache,sizeof(FILTER_OUTCACHE),&dwBytesRead))
  636. {
  637. dprintf("Attempted read at %x\n",dwCacheAddr);
  638. READ_MEMORY_ERROR;
  639. return FALSE;
  640. }
  641. CHECK_SIZE(dwBytesRead,sizeof(FILTER_OUTCACHE),bResult);
  642. if(!bResult)
  643. {
  644. return FALSE;
  645. }
  646. return TRUE;
  647. }
  648. BOOL
  649. ReadFilterDriver(
  650. PFILTER_DRIVER pIf
  651. )
  652. {
  653. DWORD dwBytesRead;
  654. BOOL bResult;
  655. if(!ReadMemory(g_dwFilterInfo,pIf,sizeof(FILTER_DRIVER),&dwBytesRead))
  656. {
  657. dprintf("Attempted read at %x\n",g_dwFilterInfo);
  658. READ_MEMORY_ERROR;
  659. return FALSE;
  660. }
  661. CHECK_SIZE(dwBytesRead,sizeof(FILTER_DRIVER),bResult);
  662. if(!bResult)
  663. {
  664. return FALSE;
  665. }
  666. return TRUE;
  667. }
  668. BOOL
  669. ReadFilter(
  670. PFILTER_INTERFACE pIf,
  671. DWORD dwIndex,
  672. PFILTER pFilter,
  673. BOOL bInFilter
  674. )
  675. {
  676. DWORD dwFilterAddr;
  677. DWORD dwBytesRead;
  678. BOOL bResult;
  679. if(bInFilter)
  680. {
  681. dwFilterAddr = (DWORD)(pIf->pInFilterSet) + (dwIndex * sizeof(FILTER));
  682. }
  683. else
  684. {
  685. dwFilterAddr = (DWORD)(pIf->pOutFilterSet) + (dwIndex * sizeof(FILTER));
  686. }
  687. if(!ReadMemory(dwFilterAddr,pFilter,sizeof(FILTER),&dwBytesRead))
  688. {
  689. dprintf("Attempted read at %x\n",dwFilterAddr);
  690. READ_MEMORY_ERROR;
  691. return FALSE;
  692. }
  693. CHECK_SIZE(dwBytesRead,sizeof(FILTER),bResult);
  694. if(!bResult)
  695. {
  696. return FALSE;
  697. }
  698. return TRUE;
  699. }