我有一个过滤器(轻量级过滤器,LWF)驱动程序,可以捕获来自所有适配器的数据包。 FilterClass为compression,与官方ndislwf示例相同。此设置会将过滤器绑定在Native Wifi Filter上方。
但是,此FilterClass只能捕获无线适配器上的以太网数据包。所以我希望它能够在无线适配器上捕获原始的802.11数据包。所以我需要在INF中将FilterClass指定为ms_medium_converter_128。此设置会将过滤器绑定在Native Wifi Filter下方。
所以我现在需要两个司机。一个是compression,另一个是ms_medium_converter_128。但我不想维护两个驱动程序的代码,让我的用户安装两个驱动程序。有没有办法将两个LWF混合成一个二进制文件(只需要一次安装)?或者有没有办法让一个LWF能够同时在Native Wifi Filter之上和之下绑定?谢谢!
这是我的整个INF与compression FilterClass:
;-------------------------------------------------------------------------
; NPF.INF -- Npcap NDIS 6.x LightWeight Filter Driver
;
; Copyright (c) 2015, Insecure.Com LLC. All rights reserved.
;------------------------------------------------------------------------
[version]
Signature = "$Windows NT$"
Class = NetService
ClassGUID = {4D36E974-E325-11CE-BFC1-08002BE10318}
CatalogFile = %NPF_DriverName%.cat
Provider = %Insecure%
DriverVer=05/20/2016,15.54.30.752
[Manufacturer]
%Insecure%=Insecure,NTx86,NTia64,NTamd64
[Insecure.NTx86]
%NPF_Desc%=Install, INSECURE_NPF
[Insecure.NTia64]
%NPF_Desc%=Install, INSECURE_NPF
[Insecure.NTamd64]
%NPF_Desc%=Install, INSECURE_NPF
;-------------------------------------------------------------------------
; Installation Section
;-------------------------------------------------------------------------
[Install]
AddReg=Inst_Ndi
Characteristics=0x40000
NetCfgInstanceId="{7daf2ac8-e9f6-4765-a842-f1f5d2501340}"
Copyfiles = npf.copyfiles.sys
[SourceDisksNames]
1=%NPF_Desc%,"",,
[SourceDisksFiles]
npf.sys=1
[DestinationDirs]
DefaultDestDir=12
npf.copyfiles.sys=12
[npf.copyfiles.sys]
%NPF_DriverName%.sys,,,2
;-------------------------------------------------------------------------
; Ndi installation support
;-------------------------------------------------------------------------
[Inst_Ndi]
HKR, Ndi,Service,,%NPF_DriverName%
HKR, Ndi,CoServices,0x00010000,%NPF_DriverName%
HKR, Ndi,HelpText,,%NPF_HelpText%
HKR, Ndi,FilterClass,, compression
; For a Monitoring filter, use this:
; HKR, Ndi,FilterType,0x00010001, 1 ; Monitoring filter
; For a Modifying filter, use this:
; HKR, Ndi,FilterType,0x00010001, 2 ; Modifying filter
HKR, Ndi,FilterType,0x00010001,2
HKR, Ndi\Interfaces,UpperRange, , noupper
HKR, Ndi\Interfaces,LowerRange, , "ndis5,ndis4"
; TODO: Ensure that the list of media types below is correct. Typically,
; filters include "ethernet". Filters may also include "ppip" to include
; native WWAN stacks, but you must be prepared to handle the packet framing.
; Possible values are listed on MSDN, but common values include:
; ethernet, wan, ppip, wlan
HKR, Ndi\Interfaces, FilterMediaTypes,,"ethernet, fddi, wan, ppip, wlan, bluetooth, ndis5, vwifi, flpp4, flpp6, vchannel, nolower"
; For a Mandatory filter, use this:
; HKR, Ndi,FilterRunType,0x00010001, 1 ; Mandatory filter
; For an Optional filter, use this:
; HKR, Ndi,FilterRunType,0x00010001, 2 ; Optional filter
HKR, Ndi,FilterRunType,0x00010001, 2 ; Optional filter
; By default, Mandatory filters unbind all protocols when they are
; installed/uninstalled, while Optional filters merely pause the stack. If you
; would like to override this behavior, you can include these options. These
; options only take effect with 6.30 filters on Windows "8" or later.
; To prevent a full unbind, and merely pause/restart protocols:
; HKR, Ndi,UnbindOnAttach,0x00010001, 0 ; Do not unbind during FilterAttach
; HKR, Ndi,UnbindOnDetach,0x00010001, 0 ; Do not unbind during FilterDetach
; To force a full unbind/bind (which includes pause/restart, of course):
; HKR, Ndi,UnbindOnAttach,0x00010001, 1 ; Unbind during FilterAttach
; HKR, Ndi,UnbindOnDetach,0x00010001, 1 ; Unbind during FilterDetach
;
;-------------------------------------------------------------------------
; Service installation support
;-------------------------------------------------------------------------
[Install.Services]
AddService=%NPF_DriverName%,,NPF_Service_Inst
[NPF_Service_Inst]
DisplayName = %NPF_Desc%
ServiceType = 1 ;SERVICE_KERNEL_DRIVER
StartType = 3 ;SERVICE_DEMAND_START
ErrorControl = 1 ;SERVICE_ERROR_NORMAL
ServiceBinary = %12%\%NPF_DriverName%.sys
LoadOrderGroup = NDIS
Description = %NPF_Desc%
AddReg = Common.Params.reg, NdisImPlatformBindingOptions.reg
[Install.Remove.Services]
DelService=%NPF_DriverName%,0x200 ; SPSVCINST_STOPSERVICE
[Common.Params.reg]
[NdisImPlatformBindingOptions.reg]
; By default, when an LBFO team or Bridge is created, all filters will be
; unbound from the underlying members and bound to the TNic(s). This keyword
; allows a component to opt out of the default behavior
; To prevent binding this filter to the TNic(s):
; HKR, Parameters, NdisImPlatformBindingOptions,0x00010001,1 ; Do not bind to TNic
; To prevent unbinding this filter from underlying members:
; HKR, Parameters, NdisImPlatformBindingOptions,0x00010001,2 ; Do not unbind from Members
; To prevent both binding to TNic and unbinding from members:
; HKR, Parameters, NdisImPlatformBindingOptions,0x00010001,3 ; Do not bind to TNic or unbind from Members
HKR, Parameters, NdisImPlatformBindingOptions,0x00010001,0 ; Subscribe to default behavior
[Strings]
NPF_DriverName = "npf"
Insecure = "Nmap Project"
NPF_Desc = "Npcap Packet Driver (NPCAP)"
NPF_HelpText = "A NDIS 6 filter driver & WFP callout driver to support packet capturing and sending under Windows 7, 8 & 10"