Stack Overflow
Stack Overflow

Questions tagged [wfp]

Windows Filtering Platform (WFP) - API for creating network filtering applications.

121 questions
2
votes
1 answer

WinDivert redirect to proxy

I'm trying to redirect all tcp packets to my local proxy to modify html content(adblocker like). I wanted to use WinDivert but it doesn't seem to work. Im starting the driver like this: handle = WinDivertOpen("outbound", WINDIVERT_LAYER_NETWORK, 0,…
user2087932
  • 128
  • 2
  • 9
2
votes
1 answer

What's the difference between "Veto" and "Hard Block"?

Is the following code called "Veto", "Hard Block", or both? if (FWP_ACTION_PERMIT == classifyOut->actionType && FlagOn(classifyOut->rights, FWPS_RIGHT_ACTION_WRITE)) { classifyOut->rights = 0; classifyOut->actionType =…
xmllmx
  • 39,765
  • 26
  • 162
  • 323
2
votes
3 answers

Two-way communication between kernel-mode driver and user-mode application?

I need a two-way communication between a kernel-mode WFP driver and a user-mode application. The driver initiates the communication by passing a URL to the application which then does a categorization of that URL (Entertainment, News, Adult, etc.)…
jeffm
  • 3,120
  • 1
  • 34
  • 57
2
votes
1 answer

How to get Application Layer Packets from a URL using Windows Filtering Platform

I want to block a set of URLs using Windows Filtering Platform. I need to get the Application Layer Packets only in order to accomplish that.. Is there anyway to get the Application Level Packets?
Deepak Joy Jose
  • 103
  • 1
  • 3
  • 14
1
vote
0 answers

Windows Filtering Platform detecting & authorising outbound connections without first blocking?

Before I even start researching WFP I need to know one thing: Can I detect an outbound TCP connection attempt, pause it until the user clicks Allow/Block, and then accordingly allow it to succeed or block it? Other WFP based software such as Windows…
Monstieur
  • 7,992
  • 10
  • 51
  • 77
1
vote
1 answer

Modification of the server http responses on the client site

I want to modify all http responses (http pages): add some js into server responses before it will appears in browser. For example "Ad muncher" is doing it. It add js that removes ad from all pages. How can I do it? I known only 1 solution: WFP…
kornero
  • 1,109
  • 8
  • 11
1
vote
0 answers

Getting Notification for WFP User-Mode Filter

WFP supports adding filters through the user-mode API. My question is how can the app that adds such filter get notified when the filter action is applied. For example, if it wants to log connection blocked by the filters, etc. This is easy to…
Greg
  • 11
  • 1
1
vote
1 answer

IRQL_UNEXPECTED_VALUE BSOD after NdisFIndicateReceiveNetBufferLists?

We have an NDIS LWF driver, and only on very few systems, we get IRQL_UNEXPECTED_VALUE BSOD on the NdisFIndicateReceiveNetBufferLists, But we do not raise or lower IRQL in any part of the code, and the NdisFIndicateReceiveNetBufferLists is called in…
OneAndOnly
  • 1,048
  • 1
  • 13
  • 33
1
vote
1 answer

Redirect per-app DNS requests at the ALE_CONNECT_REDIRECT_V4 layer using WFP

I am trying to redirect DNS requests on a per-app basis using WFP (Windows Filtering Platform). I want to redirect to a public DNS server - not a local proxy. I have a callout driver at the ALE_CONNECT_REDIRECT_V4 layer. When I trace DNS requests at…
horseyguy
  • 29,455
  • 20
  • 103
  • 145
1
vote
2 answers

VPN Client using WFP

I am exploring possibility of creating a VPN client for Wireguard using WFP framework. I see many example of VPN client developed using NDIS library. I am interested doing the same using WFP. But i am not sure of the possibility and couldn't find…
Alex
  • 11
  • 2
1
vote
1 answer

WFP driver giving 0.0.0.0 as local ip address for connection

I am implementing a callout routine for WFP driver doing connection redirection. I have registered at the FWPS_LAYER_ALE_CONNECT_REDIRECT_V4 layer. Everything is working fine. When I am trying to get the local IP address for the connection, I…
Mano
  • 49
  • 6
1
vote
1 answer

FwpmFilterAdd0 failed (-2144206813)

I copied the sample program from WFP documentation. https://learn.microsoft.com/en-us/windows/win32/api/fwpmu/nf-fwpmu-fwpmtransactionbegin0 I am using VS 2015. Here is the output: Opening filter engine. Adding filter to permit traffic for…
Ashot
  • 10,807
  • 14
  • 66
  • 117
1
vote
0 answers

Can a non-elevated process use the Windows Filtering Platform (WFP)?

I cannot find any information on what kind of privileges a Windows process needs to be able to use WFP (Windows filtering platform). I assume it requires administrator privileges, as WFP allows a process to block packets in the whole system, and…
horseyguy
  • 29,455
  • 20
  • 103
  • 145
1
vote
1 answer

How do I write a function that blocks or firewalls off traffic to a website that has multiple IP addresses in Windows?

The Question: I want to write a function that has the following pseudocode signature: /** * Blocks all traffic to the given website. * * @param {String} domain The domain name of the site to block */ function blockSite (domain) { // TODO } I…
Josh Desmond
  • 640
  • 2
  • 10
  • 19
1
vote
0 answers

How do I use the WFP layer ALE_BIND_REDIRECT?

I cannot find any example code on how to use the ALE_BIND_REDIRECT Windows Filtering Platform (WFP) layer. I do need to rewrite source IPs, but I cannot figure out how to use this layer. Can someone explain how to achieve this using the…
horseyguy
  • 29,455
  • 20
  • 103
  • 145
1 2
3
8 9