2005年06月06日

这段时间真是颓废,又被自己打败了,,想找地方发泄有没有,也不能,,,心里想着临渊羡鱼不如退而结网,却迟迟没有行动,,,,我知道快到期末了,,不能每次都被打败,,!!

废话不多说了

对了,明天就是高考了,,,,我已经过来了2年了

2005年06月03日

准备用TDI来做一个后门,

在上面看到的:

So that networking API drivers don’t need to employ various interfaces for each transport protocol they might want to use, Microsoft established the Transport Driver Interface (TDI) standard. As mentioned earlier in this chapter, a TDI interface is essentially a convention for the way network requests format into IRPs and for the way network addresses and communications are allocated. Transport protocols that adhere to the TDI standard export the TDI interface to their clients, which include networking API drivers such as AFD and the redirector. A transport protocol implemented as a Windows device driver is known as a TDI transport. Because TDI transports are device drivers, they format requests they receive from clients as IRPs.

Support functions in the \Windows\System32\Drivers\Tdi.sys library, along with definitions developers include in their drivers, make up the TDI interface. The TDI programming model is very similar to that of Winsock. A TDI client executes the following steps to establish a connection with a remote server:

  1. The client allocates and formats an address open TDI IRP to allocate an address. The TDI transport returns a file object, which is known as an address object, that represents the address. This step is the equivalent of using the bind Winsock function.

  2. The client then allocates and formats a connection open TDI IRP, and the TDI transport returns a file object, which is known as a connection object, that represents the connection. This step is the equivalent of the use of the Winsock socket function.

  3. The client associates the connection object to the address object with an associate address TDI IRP. (There’s no equivalent to this step in Winsock.)

  4. A TDI client that accepts remote connections issues a listen TDI IRP specifying the number of connections supported for a connection object and then issues an accept TDI IRP, which completes when a remote system establishes a connection (or an error occurs). These operations are equivalent to the use of the Winsock listen and accept functions.

  5. A TDI client that wants to establish a connection with a remote server issues a connect TDI IRP, specifying the connection object, that the TDI transport completes when a connection is established (or an error occurs). Issuing a connect TDI IRP is the equivalent of using the connect Winsock function.

TDI also supports connectionless communications for connectionless protocols such as UDP. In addition, TDI provides a means whereby a TDI client can register event callbacks (that is, functions that are directly invoked) with TDI transports. When it receives data from across the network, a TDI transport can invoke a registered client receive callback, for example. This event-based callback feature of TDI allows the TDI transport to notify its clients of network events, and clients that rely on event callbacks don’t need to preallocate resources such as buffers when receiving network data because they can view the contents of the buffers supplied by a TDI protocol driver.

回头再找ddk上看看有没有例子再,这两天郁闷..