Windows防火墙与网络封包截获技术光盘源代码

///////////////////////////////////////////////////////////////////////
// Copyright （c） 2001-2002
// XStudio Technology All Right Reserved.
// Author: Tony Zhu
// 2001-7-16 Create
// summary:
//			This Program to demo the Intermediate TDI Driver.
//			This is main file. It include:
//			1. initialize function	: DriverEntry
//			2. Unload function		: PacketUnload
//			3. Dispatch function	: PacketDispatch
///////////////////////////////////////////////////////////////////////

#include 
#include 
#include 
#include “packet.h“

NTSTATUS
DriverEntry（
	IN	PDRIVER_object		Driverobject
	IN	PUNICODE_STRING		RegistryPath
）
{
	NTSTATUS	status	= 0;
    ULONG		i;

	DBGPRINT（“DriverEntry Loading...\n“）;
	Driverobject->DriverUnload = PacketUnload;

    for （i=0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++）
    {
		Driverobject->MajorFunction[i] = PacketDispatch;
    }

	status = TCPFilter_Attach（DriverobjectRegistryPath）;

	return status;
}

VOID 
PacketUnload（
	IN PDRIVER_object		Driverobject
）
{
    PDEVICE_object			Deviceobject;
    PDEVICE_object			OldDeviceobject;
	PTDIH_DeviceExtension	pTDIH_DeviceExtension;	

 	DBGPRINT（“DriverEntry unLoading...\n“）;

	Deviceobject = Driverobject->Deviceobject;

   while （Deviceobject != NULL） 
	{
        OldDeviceobject = Deviceobject;
		pTDIH_DeviceExtension	
			= （PTDIH_DeviceExtension ）Deviceobject->DeviceExtension;
		if（ pTDIH_DeviceExtension->NodeType 
			== TDIH_NODE_TYPE_TCP_FILTER_DEVICE ）
			TCPFilter_Detach（ Deviceobject ）;   // Calls IoDeleteDevice
		else
			IoDeleteDevice（OldDeviceobject）;
        Deviceobject = Deviceobject->NextDevice;
    }
}

NTSTATUS
PacketDispatch（
    IN PDEVICE_object		Deviceobject
    IN PIRP					Irp
）
{
	NTSTATUS				RC = STATUS_SUCCESS;
	PTDIH_DeviceExtension	pTDIH_DeviceExtension;
	PIO_STACK_LOCATION		IrpStack;
	PIO_STACK_LOCATION		NextIrpStack;

	pTDIH_DeviceExtension	
		= （PTDIH_DeviceExtension ）（Deviceobject->DeviceExtension）;

	IrpStack = IoGetCurrentIrpStackLocation（Irp）;

	switch（IrpStack->MajorFunction）
	{
	case IRP_MJ_CREATE:
	 	DBGPRINT（“PacketDispatch（IRP_MJ_CREATE）...\n“）;
		break;
	case IRP_MJ_CLOSE:
	 	DBGPRINT（“PacketDispatch（IRP_MJ_CLOSE）...\n“）;
		break;
	case IRP_MJ_CLEANUP:
	 	DBGPRINT（“PacketDispatch（IRP_MJ_CLEANUP）...\n“）;
		break;
	case IRP_MJ_INTERNAL_DEVICE_CONTROL:
		switch （IrpStack->MinorFunction） 
		{
		case TDI_ACCEPT:
		 	DBGPRINT（“PacketDispatch（IRP_MJ_INTERNAL_DEVICE_CONTROL\
				[TDI_ACCEPT]）...\n“）;
			break;
		case TDI_ACTION:
		 	DBGPRINT（“PacketDispatch（IRP_MJ_INTERNAL_DEVICE_CONTROL\
				[TDI_ACTION]）...\n“）;
			break;
		case TDI_ASSOCIATE_ADDRESS:
		 	DBGPRINT（“PacketDispatch（IRP_MJ_INTERNAL_DEVICE_CONTROL\
				[TDI_ASSOCIATE_ADDRESS]）...\n“）;
			break;
		case TDI_DISASSOCIATE_ADDRESS:
		 	DBGPRINT（“PacketDispatch（IRP_MJ_INTERNAL_DEVICE_CONTROL\
				[TDI_DISASSOCIATE_ADDRESS]）...\n“）;
			break;
		case TDI_CON