内核反编译学习笔记6
passthru静态分析
来源:passthru.sys反汇编和源代码
一,导入的模块
二,模块要使用的函数
三,函数原型
四,文件中函数列表
有源代码,反汇编比源代码更简洁,特别是总揽方面,有优势。
有兴趣的话,可以把汇编和代码对应。我已经把函数内调用函数都罗列了。
////////////////////////////////////////////////
一,导入三个模块:
import Module:ntoskrnl.exe
HAL.dll
NDIS.SYS
//////////////////////////////////////////////
二,每个模块导出函数:
我们有函数名,就可以bp 模块!函数 下断了。
有的函数是被宏调用的,具体可以查看ndis.h中宏的定义。
ntoskrnl.exe:
KeBugCheckEx
KeTickCount
IoGetDeviceProperty
RtlCopyUnicodeString
RtlAppendUnicodeToString
IoCreateDevice
_vsnprint f
MmMapLockedPagesSpecifyCache
IoDeleteDevice
memcpy
IofCompleteRequest
memset
RtlInitUnicodeString
DbgPring
RtlAssert
RtlUnwind
HAL.dll:
KfReleaseSpinLock
KfAcquireSpinLock
接下来是重点了,ndis专用函数
NDIS.SYS:
NdisIMNotifyPnPEvent
NdisGetReceivedPacket
NdisDprAllocatePacket
NdisDprFreePacket
NdisDeregisterProtocol
NdisIMCancelInitializeDeviceInstance
NdisReEnumerateProtocolBindings
NdisFreeMemory
NdisOpenProtocolConfiguration
NdisReadConfiguration
NdisAllocateMemoryWithTag
NdisInitializeEvent
NdisAllocatePacketPoolEx
NdisPacketPoolUsage
NdisIMDeInitializeDeviceInstance
NdisCloseAdapter
NdisSetEvent
NdisMSetAttributesEx
NdisIMGetDeviceContext
NdisFreePacket
NdisIMCopySendCompletePerPacketInfo
NdisIMCopySendPerPacketInfo
NdisAllocatePacket
NdisIMGetCurrentPacketStack
NdisRequest
NdisMIndicateStatusComplete
NdisMIndicateStatus
NdisReturnPackets
NdisGetPoolFromPacket
NdisWaitEvent
NdisResetEvent
NdisCancelSendPackets
NdisFreePacketPool
NdisTerminateWrapper
NdisIMAssociateMiniport
NdisIMDeregisterLayeredMiniport
NdisRegisterProtocol
NdisMRegisterUnloadHandler
NdisIMRegisterLayeredMiniport
NdisInitializeWrapper
NdisMRegisterDevice
NdisMSleep
NdisMDeregisterDevice
NdisCloseConfiguration
NdisIMInitializeDeviceInstanceEx
NdisOpenAdapter
/////////////////////////////////////
三,函数原型:呵呵
NDIS_STATUS NdisIMNotifyPnPEvent( IN NDIS_HANDLE MiniportHandle, IN PNET_PNP_EVENT NetPnPEvent );
PNDIS_PACKET NdisGetReceivedPacket( IN PNDIS_HANDLE NdisBindingHandle, IN PNDIS_HANDLE MacContext );
VOID NdisDprAllocatePacket( OUT PNDIS_STATUS Status, OUT PNDIS_PACKET *Packet, IN NDIS_HANDLE PoolHandle );
VOID NdisDprFreePacket( IN PNDIS_PACKET Packet );
NDIS_STATUS NdisIMCancelInitializeDeviceInstance( IN NDIS_HANDLE DriverHandle, IN PNDIS_STRING DeviceInstance );
VOID NdisReEnumerateProtocolBindings( IN NDIS_HANDLE NdisProtocolHandle );
VOID NdisFreeMemory( IN PVOID VirtualAddress, IN UINT Length, IN UINT MemoryFlags );
VOID NdisOpenProtocolConfiguration( OUT PNDIS_STATUS Status, OUT PNDIS_HANDLE ConfigurationHandle, IN PNDIS_STRING ProtocolSection );
VOID NdisReadConfiguration( OUT PNDIS_STATUS Status, OUT PNDIS_CONFIGURATION_PARAMETER *ParameterValue, IN NDIS_HANDLE ConfigurationHandle, IN PNDIS_STRING Keyword, IN NDIS_PARAMETER_TYPE ParameterType );
NDIS_STATUS NdisAllocateMemoryWithTag( OUT PVOID *VirtualAddress, IN UINT Length, IN ULONG Tag );
VOID NdisInitializeEvent( IN PNDIS_EVENT Event );
VOID NdisAllocatePacketPoolEx( OUT PNDIS_STATUS Status, OUT PNDIS_HANDLE PoolHandle, IN UINT NumberOfDescriptors, IN UINT NumberOfOverflowDescriptors, IN UINT ProtocolReservedLength );
UINT NdisPacketPoolUsage( IN NDIS_HANDLE PoolHandle );
NDIS_STATUS NdisIMDeInitializeDeviceInstance( IN NDIS_HANDLE NdisMiniportHandle );
VOID NdisCloseAdapter( OUT PNDIS_STATUS Status, IN NDIS_HANDLE NdisBindingHandle );
VOID NdisSetEvent( IN PNDIS_EVENT Event );
VOID NdisMSetAttributesEx( IN NDIS_HANDLE MiniportAdapterHandle, IN NDIS_HANDLE MiniportAdapterContext, IN UINT CheckForHangTimeInSeconds OPTIONAL, IN ULONG AttributeFlags, IN NDIS_INTERFACE_TYPE AdapterType );
NDIS_HANDLE NdisIMGetDeviceContext( IN NDIS_HANDLE MiniportAdapterHandle );
VOID NdisFreePacket( IN PNDIS_PACKET Packet );
VOID NdisIMCopySendCompletePerPacketInfo( IN PNDIS_PACKET DstPacket, IN PNDIS_PACKET SrcPacket );
VOID NdisIMCopySendPerPacketInfo( IN PNDIS_PACKET DstPacket, IN PNDIS_PACKET SrcPacket );
VOID NdisAllocatePacket( OUT PNDIS_STATUS Status, OUT PNDIS_PACKET *Packet, IN NDIS_HANDLE PoolHandle );
PNDIS_PACKET_STACK NdisIMGetCurrentPacketStack( IN PNDIS_PACKET Packet OUT BOOLEAN *StacksRemaining );
VOID NdisRequest( OUT PNDIS_STATUS Status, IN NDIS_HANDLE NdisBindingHandle, IN PNDIS_REQUEST NdisRequest );
VOID NdisMIndicateStatusComplete( IN NDIS_HANDLE MiniportAdapterHandle );
VOID NdisMIndicateStatus( IN NDIS_HANDLE MiniportAdapterHandle, IN NDIS_STATUS GeneralStatus, IN PVOID StatusBuffer, IN UINT StatusBufferSize );
VOID NdisReturnPackets( IN PNDIS_PACKET *PacketsToReturn, IN UINT NumberOfPackets );
NDIS_Handle NdisGetPoolFromPacket( IN PNDIS_PACKET Packet );
BOOLEAN NdisWaitEvent( IN PNDIS_EVENT Event, IN UINT MsToWait );
VOID NdisResetEvent( IN PNDIS_EVENT Event );
VOID NdisCancelSendPackets( IN NDIS_HANDLE NdisBindingHandle IN PVOID CancelId );
VOID NdisFreePacketPool( IN NDIS_HANDLE PoolHandle );
VOID NdisTerminateWrapper( IN NDIS_HANDLE NdisWrapperHandle, IN PVOID SystemSpecific );
VOID NdisIMAssociateMiniport( IN NDIS_HANDLE DriverHandle, IN NDIS_HANDLE ProtocolHandle );
VOID NdisIMDeregisterLayeredMiniport( IN NDIS_HANDLE DriverHandle );
VOID NdisRegisterProtocol( OUT PNDIS_STATUS Status, OUT PNDIS_HANDLE NdisProtocolHandle, IN PNDIS_PROTOCOL_CHARACTERISTICS ProtocolCharacteristics, IN UINT CharacteristicsLength );
VOID NdisMRegisterUnloadHandler( IN NDIS_HANDLE NdisWrapperHandle, IN PDRIVER_UNLOAD UnloadHandler );
NDIS_STATUS NdisIMRegisterLayeredMiniport( IN NDIS_HANDLE NdisWrapperHandle, IN PNDIS_MINIPORT_CHARACTERISTICS MiniportCharacteristics, IN UINT CharacteristicsLength, OUT PNDIS_HANDLE DriverHandle );
NDIS_STATUS NdisMRegisterDevice( IN NDIS_HANDLE NdisWrapperHandle, IN PNDIS_STRING DeviceName, IN PNDIS_STRING SymbolicName, IN PDRIVER_DISPATCH MajorFunctions[], OUT PDEVICE_OBJECT *pDeviceObject, OUT NDIS_HANDLE *NdisDeviceHandle );
VOID NdisMSleep( IN ULONG MicrosecondsToSleep );
NDIS_STATUS NdisMDeregisterDevice( IN NDIS_HANDLE NdisDeviceHandle );
VOID NdisCloseConfiguration( IN NDIS_HANDLE ConfigurationHandle );
NDIS_STATUS NdisIMInitializeDeviceInstanceEx( IN NDIS_HANDLE DriverHandle, IN PNDIS_STRING DriverInstance, IN NDIS_HANDLE DeviceContext OPTIONAL );
VOID NdisOpenAdapter( OUT PNDIS_STATUS Status, OUT PNDIS_STATUS OpenErrorStatus, OUT PNDIS_HANDLE NdisBindingHandle, OUT PUINT SelectedMediumIndex, IN PNDIS_MEDIUM MediumArray, IN UINT MediumArraySize, IN NDIS_HANDLE NdisProtocolHandle, IN NDIS_HANDLE ProtocolBindingContext, IN PNDIS_STRING AdapterName, IN UINT OpenOptions, IN PSTRING AddressingInformation OPTIONAL, );
///////////////////////////////////////
四,文件中函数列表
常用的就不在函数内罗列了
NdisZeroMemory
NdisMoveMemory
NdisFreeMemory
NdisMSleep
NdisInitUnicodeString
NdisAcquireSpinLock
NdisReleaseSpinLock
NdisFreeSpinLock
1,passthru.c:
DriverEntry
其中大概用了下面这些:
NdisAllocateSpinLock
NdisMInitializeWrapper
NdisIMRegisterLayeredMiniport
NdisRegisterProtocol
NdisIMAssociateMiniport
PtRegisterDevice
NdisMRegisterDevice
PtDispatch
IoGetCurrentIrpStackLocation
IoCompleteRequest
PtDeregisterDevice
PtUnload
PtUnloadProtocol
NdisIMDeregisterLayeredMiniport
2,miniport.c
MPInitialize
NdisMSetAttributesEx
PtRegisterDevice
NdisSetEvent
MPSend
NdisIMGetCurrentPacketStack
NdisSend
NdisAllocatePacket
NdisFreePacket
MPSendPackets
NdisMSendComplete
NdisIMGetCurrentPacketStack
NdisSend
NdisAllocatePacket
NdisGetPacketFlags
NdisIMCopySendPerPacketInfo
MPQueryInformation
NdisRequest
PtRequestComplete
MPQueryPNPCapabilities
MPSetInformation
MPProcessSetPowerOid
MPProcessSetPowerOid
NdisMIndicateStatus
NdisMIndicateStatusComplete
MPReturnPacket
NdisGetPoolFromPacket
NdisReturnPackets
NdisFreePacket
MPTransferData
IsIMDeviceStateOn
NdisTransferData
PtDeregisterDevice
NdisResetEvent
PtDereferenceAdapt
MPCancelSendPackets
NdisCancelSendPackets
MPDevicePnPEvent
MPAdapterShutdown
MPFreeAllPacketPools
NdisFreePacketPool
3,protocol.c
PtBindAdapter
NdisOpenProtocolConfiguration
NdisReadConfiguration
NdisAllocateMemoryWithTag
NdisInitializeEvent
NdisAllocatePacketPoolEx
NdisOpenAdapter
NdisWaitEvent
PtReferenceAdapt
NdisInitializeEvent
NdisIMInitializeDeviceInstanceEx
PtDereferenceAdapt
NdisCloseConfiguration
NdisCloseAdapter
PtOpenAdapterComplete
NdisSetEvent
PtUnbindAdapter
PtRequestComplete