Re: How to get process which send packet in w2k


From: Marcin Zajączkowski (mszpakNO_at_SPAM.wp.pl)
Date: 09/12/04


Date: Sun, 12 Sep 2004 12:19:51 +0200


On 2004-09-10 03:23, Alexander Nickolov wrote:
> The only source I know of is PortUser.cpp by Gary Nebbett.
> Check it out in this thread:
>
> http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&selm=vpkjdugmm8faj0a0mfdt7kcsrcelguc7f1%404ax.com&rnum=1
>
> It only works in Win2K, not in NT4, nor XP, and definitely
> not in any Win9x OSes.

Thanks for the answer.

I don't have VS installed currently, so I've tried to compile it with
MinGW. After a few hours I changed this code to compile under it (with two
warnings):
portuser.cpp: In function `ULONG
FindHandle(NT::_SYSTEM_HANDLE_INFORMATION*, long unsigned int, void*)':
portuser.cpp:324: warning: cast to pointer from integer of different size
portuser.cpp: In function `void Scan(const Kmem&,
      NT::_SYSTEM_HANDLE_INFORMATION*, unsigned char, _DEVICE_OBJECT*,
const CHAR*)':
portuser.cpp:378: warning: cast to pointer from integer of different size

Unfortunately it crashes in line:
if (lowmem[pfn * 0x400 + 0x300] == pfn * 0x1000 + 0x67) break;
in: ULONG Kmem::AnyPde() const.
I tried it in Windows XP; could it be caused by this?
It's also possible that some of my changes caused it (I had a problem with
namespace NT) or MinGW isn't ideal for drivers.

I attached the source code; maybe you could tell me what I have done wrong?
(I hope that the server allows a small attachment)

Regards
Marcin





