Highest Voted 'wfp' Questions

3

votes

2 answers

Error including fwpmu.h in Visual Studio 2010

I'm trying to call some WFP functions from a C++ CLR class library (New Project -> Visual C++ -> CLR -> Class Library) Code: #include #include #pragma comment (lib, "fwpuclnt.lib") With only that, many include files from the…

asked May 04 '11 at 19:21

lzm

827
2
11
25

3

votes

1 answer

Windows Filtering Platform - where's my packet payload?

I've been modifying the 'inspect' WFP example (bundled with the WinDDK) with the aim of being able to parse the payload of all incoming TCP packets (from a specified IP address) for certain strings. (I've already modified 'inspect' such that only…

windows filtering platform wfp

asked Feb 22 '11 at 10:53

user628158

31
4

3

votes

1 answer

Windows Filtering Platform - How can I block incoming connections based on local port?

I'm attempting to set up some filters using WFP to block inbound connections to a local server (for example, a webserver listening on port 8080). I've got a filter working which can block based on Remote Port, so I can stop processes on my machine…

c# wfp

asked Aug 06 '14 at 21:14

Orion Edwards

121,657
64
239
328

3

votes

1 answer

What is the byte order of the IP address specified in a callout's classifyFn in WFP?

In a callout's classifyFn, one can use the following code to get the remote IP address: inFixedValues-> incomingValue[FWPS_FIELD_ALE_AUTH_CONNECT_V4_IP_REMOTE_ADDRESS].value.uint32; //…

kernel ip-address firewall endianness wfp

asked Jan 13 '13 at 11:31

xmllmx

39,765
26
162
323

3

votes

0 answers

Error Running Windows Filtering Platform Sample

I am trying to test WFP(Windows Filtering Platform) sample provided by microsoft. While testing I got error. While building it builds well: With following message: Build started: Project: package (Package\package), Configuration: Win8 Debug Win32…

c++ windows visual-studio wfp

asked Jul 13 '12 at 14:44

progrrammer

4,475
2
30
38

2

votes

1 answer

Windows Filtering Platform: Access to the the packet's payload

I'm traversing through a NET_BUFFER's MDL chain to get the associated data. The two macros that are used to indicate where the used data space begins (NET_BUFFER_DATA_OFFSET() & NET_BUFFER_CURRENT_MDL_OFFSET()) got me a little confused, as I've…

windows ndis wfp

asked Feb 02 '12 at 09:43

Assaf Levy

1,312
1
12
20

2

votes

1 answer

using Windows Filtering Platform in Kernel Driver

We recently added Windows Filtering Platform capabilities to our driver. We managed to get the information we required from the wfp with no problem, but the problem is during the boot process - eversince we added the wfp capabilities, machines…

windows driver wfp

asked Jan 03 '12 at 09:39

sternr

6,216
9
39
63

2

votes

1 answer

Per-process DNS in windows

I would like to redirect DNS requests for specific processes on Windows so that they hit a different set of DNS servers than the default ones configued for my system. I've looked into doing this, but come across some blockers. First, where do DNS…

windows winapi dns wfp

asked Jul 07 '20 at 14:06

horseyguy

29,455
20
103
145

2

votes

0 answers

Wfp connection redirection memory allocated for associating context information is not getting freed

I'm trying to make a kernel-mode callout driver that would redirect TCP traffic to a user-mode service. I've registered a callout at the FWPM_ALE_CONNECT_REDIRECT_V{4|6} layers. I am allocating memory for connection context and associating it with…

windows wfp

asked Jun 08 '20 at 05:28

Mano

49
6

2

votes

1 answer

How can I output traffic information (IP, port, etc.) to a log file using Windows Filtering Platform and Windows Driver Development Kit?

I am working on a driver using WDK that will monitor network traffic and output it to a log file. I am currently trying to modify the inspect example given in the WinDDK directory. It seems that I can't call printf, fprintf, etc. because of a…

c++ wdk wfp

asked Jan 25 '11 at 20:40

Joe Mansour

21
1

2

votes

0 answers

Windows Filtering Platform - add own layer c#

I am trying to hook outgoing connections with c#. I found this question: Windows Filtering Platform - How can I block incoming connections based on local port? But at sample some error with code and some missing classes to use. I am trying to…

windows liskov-substitution-principle wfp

asked Feb 16 '17 at 02:43

Zubastic

21
2

2

votes

1 answer

WFP ALE_CONNECT_REDIRECT layer block filter doesn't work

I am doing some work with WFP and I have the problem with blocking filter on FWPM_LAYER_ALE_CONNECT_REDIRECT_V4 layer. It must block trafic from local ip, but it doesn't. If I change layer to FWPM_LAYER_ALE_AUTH_CONNECT_V4 filter works properly. So…

redirect filter block layer wfp

asked Jan 25 '16 at 07:06

chipic

21
4

2

votes

1 answer

Modifying the HTML request from the kernel, WFP?

I've developed a driver with "Windows Filter Platform (WFP)", the program filters the HTML and adds to the body a little string, like the mark of a company. The filter works fine, but I have a problem, when the HTTP has: Transfer-Encoding:…

html http driver alter wfp

asked Nov 13 '15 at 23:05

quetzalfir

528
7
22

2

votes

0 answers

Got "System error 2" after system reboot when specifying SERVICE_SYSTEM_START in WFP callout driver

I have a sample WFP callout driver here. It can be started and stoped by using "net start lbtest" and "net start lbtest". But when I changed the StartType from 3 (SERVICE_DEMAND_START) to 1 (SERVICE_SYSTEM_START). I can start this driver normally.…

c windows driver wfp

asked Jul 23 '15 at 05:31

hsluoyz

2,739
5
35
59

2

votes

2 answers

What are options for debugging WFP callout driver

I am new to kernel mode windows driver development and having issues getting debug information out of the WFP callout samples. I am looking for either more options or tips of what I am doing wrong with the options I have been trying. To start with I…

windows debugging windbg wfp

asked Oct 21 '14 at 20:34

Dwayne

73
7

Questions tagged [wfp]