Regarding the solution to the application layer to extract the NDIS driver packet loss, add the intercepted network packet to achieve the intercepted network package through Event, and many times the information of the package or the package will be displayed through the Win32 layer. Many people think that the method is Event plus IOCTL, but this is easy to generate a problem of packet loss, because the network accepts the speed of the sending packet than Event and IOCTL speed, that is, when an EVENT is sent to the Win32 layer, the Win32 layer gets data through DeviceIocontrol. At the time, how much the buffer that originally defined in advance has been covered.
(The solution is simple, no need to write, just before I start school, I will post it from myself, even the code is posted here. Now I seem to be stupid, I want to delete it, I am not shameful, but I want to delete it. I still found that someone searching for the nearest source, I'm trying to delete the code, I'm rereading some.)
Probably this look, first drive yourself to create a queue to store the acquired packet, lock access to the queue to ensure synchronization. At the same time, the EVENT mechanism just said, and each time RING3 gets the EVENT signal, visit the queue, has been visiting the queue as an air return, continuing the signal, so repeated, the personal machine is no problem.
