wfp

WFP learning notes

狂风中的少年 submitted on 2020-04-20 08:54:24
Lately, having nothing much to do, I was going through the WFP material and found WFP really useful; the only trouble is that documentation is scarce. Luckily there is the WDK src directory and the almighty search engine. Later I found http://www.cnblogs.com/nevergone/archive/2013/04/05/3001765.html to be quite good, so I modified that code to make a small network logging program.

    #ifndef __MAIN_H__
    #define __MAIN_H__
    #include <ntifs.h>
    #include <ip2string.h>
    #pragma warning(push)
    #pragma warning(disable: 4201)
    #pragma warning(disable: 4324)
    #include <fwpsk.h>
    #include <fwpmk.h>
    #pragma warning(pop)
    #define INITGUID
    #include <guiddef.h>
    //
    // Callout and sublayer GUIDs
    //
    DEFINE_GUID(
        SF_ALE_CONNECT_CALLOUT_V4,
        0x76b743d4, 0x1249, 0x4610, 0xa6, 0x32, 0x6f, 0x9c, 0x4d, 0x08, 0xd2, 0x5a
    );
    DEFINE_GUID( SF_ALE_RECV

Windows Driver Development: Deploy option missing in Visual Studio 2012

倾然丶 夕夏残阳落幕 submitted on 2020-01-12 18:49:09
Question: I was trying to compile and deploy the WFP sample obtained from MSDN called msnmntr, but the same problem applies to all samples. This and all samples fail to deploy because there's one step in the documentation that is missing in Visual Studio 2012 Ultimate. It says: 1) Open the property pages for your driver package. Right-click the driver package project in Solution Explorer and select Properties. 2) In the property pages for the driver package, click Configuration Properties, click Driver

Windows Driver Development: Deploy option missing in Visual Studio 2012

笑着哭i submitted on 2020-01-12 18:47:42
Question: I was trying to compile and deploy the WFP sample obtained from MSDN called msnmntr, but the same problem applies to all samples. This and all samples fail to deploy because there's one step in the documentation that is missing in Visual Studio 2012 Ultimate. It says: 1) Open the property pages for your driver package. Right-click the driver package project in Solution Explorer and select Properties. 2) In the property pages for the driver package, click Configuration Properties, click Driver

Windows Filtering Platform - How can I block incoming connections based on local port?

橙三吉。 submitted on 2020-01-01 17:01:55
Question: I'm attempting to set up some filters using WFP to block inbound connections to a local server (for example, a web server listening on port 8080). I've got a filter working which can block based on Remote Port, so I can stop processes on my machine from establishing any connections to port 8080, but I can't figure out how to block incoming connections from another machine based on the local port 8080. Here's my code which works to block based on remote port: (It's C# using P/Invoke, but it's

Is it possible to send tcp syn packet with payload by using WFP?

谁说我不能喝 submitted on 2019-12-24 17:15:17
Question: I am new to Windows Filtering Platform. Is it possible to send a TCP SYN packet with a payload by using WFP? The payload I want to send will have some secret password. My Linux server will check whether the SYN packet's payload is valid or not. Answer 1: Although sending data in a SYN packet is possible, it is never recommended to send sensitive data. Any "bad user" who intercepts the SYN packet shall be able to initiate a connection with your secret password. Answer 2: WFP or no WFP, you "can" send the

What is blocking driver installation in Windows?

こ雲淡風輕ζ submitted on 2019-12-11 23:35:40
Question: I've written a C program in Windows that uses some precompiled files from WinDivert. My program uses a .dll from WinDivert, and some of the functions in the .dll install the WinDivert.sys driver. There are also a few more files from WinDivert that are a part of this (a .lib, a .inf, and another .dll). The problem is that on one of my computers (Windows 8.1 64-bit), everything works perfectly. But when I try to use the program on my laptop (Windows 8.1 64), my friend's laptop (Windows 7 64),

WinDivert redirect to proxy

风格不统一 submitted on 2019-12-10 11:18:56
Question: I'm trying to redirect all TCP packets to my local proxy to modify HTML content (adblocker-like). I wanted to use WinDivert, but it doesn't seem to work. I'm starting the driver like this:

    handle = WinDivertOpen("outbound", WINDIVERT_LAYER_NETWORK, 0, 0);

then when capturing and modifying packets:

    if (ip_header != NULL && tcp_header != NULL) {
        // redirect to proxy
        if (ntohs(tcp_header->DstPort) == 80) {
            UINT32 dst_addr = ip_header->DstAddr;
            ip_header->DstAddr = ip_header->SrcAddr;
            ip_header-

using Windows Filtering Platform in Kernel Driver

喜欢而已 submitted on 2019-12-10 10:45:56
Question: We recently added Windows Filtering Platform capabilities to our driver. We managed to get the information we required from the WFP with no problem, but the problem is during the boot process: ever since we added the WFP capabilities, machines using the driver cannot boot; they get a deadlock (the computer is "stuck" on the splash screen). We figured it's probably because our driver is dependent only on FltMgr and is probably loaded before the WFP framework is loaded (TcpStack?). My question

WinDivert redirect to proxy

一曲冷凌霜 submitted on 2019-12-06 05:15:12
I'm trying to redirect all TCP packets to my local proxy to modify HTML content (adblocker-like). I wanted to use WinDivert, but it doesn't seem to work. I'm starting the driver like this:

    handle = WinDivertOpen("outbound", WINDIVERT_LAYER_NETWORK, 0, 0);

then when capturing and modifying packets:

    if (ip_header != NULL && tcp_header != NULL) {
        // redirect to proxy
        if (ntohs(tcp_header->DstPort) == 80) {
            UINT32 dst_addr = ip_header->DstAddr;
            ip_header->DstAddr = ip_header->SrcAddr;
            ip_header->SrcAddr = dst_addr;
            tcp_header->DstPort = htons(PROXY);
            addr.Direction = DIVERT_DIRECTION_INBOUND;
        } else

Windows Filtering Platform to filter HTTPS from managed code

拟墨画扇 submitted on 2019-12-05 06:32:47
Question: I want to develop a host-based firewall for Windows, mainly to filter URLs starting with HTTPS! I know that Microsoft is presenting WFP as a substitute for the deprecated old techniques such as firewall/filter hooks, NDIS, TDI, WSA and Winsock 2 (LSP). But WFP does not currently support filters with hostname or URL. Also, WFP is only in C/C++ and there are no available C# wrappers in .NET. I tried @basil's WinDivert demo app webfilter, which parses packets in outbound traffic for IPv4 on TCP