Reply To: WinpkFilter


#5452

Vadim Smirnov
Moderator

There is no way to determine the PID at the NDIS level, and actually some packets have no associated PID (packets destined for other systems that are to be routed, and packets generated by the TCP/IP stack: ARP, IGMP and others).

The only way to match a packet against a process is to have an LSP or TDI filter driver and keep an active connections table with associated PIDs. However, I should also note that LSP can be bypassed by direct access to the TDI, and TDI itself is not always called in the correct process context (but it is in most cases).
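
A sketch of the connections table the reply describes, added here as an example and not taken from the post or from WinpkFilter: an upper-layer filter records each connection with its PID, and the packet-level code looks frames up by 5-tuple. The names `conn_add`, `packet_pid` and `PID_NONE`, the fixed-size table and the exact-match lookup are all assumptions made for illustration.

```c
#include <stdint.h>

#define MAX_CONNS 64
#define PID_NONE  UINT32_MAX   /* assumed sentinel: no owning process known */

typedef struct {               /* one connection reported by the upper-layer filter */
    uint8_t  proto;            /* 6 = TCP, 17 = UDP */
    uint32_t local_ip, remote_ip;
    uint16_t local_port, remote_port;
    uint32_t pid;
    int      in_use;
} conn_entry;

typedef struct {               /* fields parsed from a frame seen at the NDIS level */
    uint16_t ethertype;        /* 0x0800 = IPv4, 0x0806 = ARP */
    uint8_t  proto;
    uint32_t src_ip, dst_ip;
    uint16_t src_port, dst_port;
    int      outbound;         /* 1 = sent by this host, 0 = received */
} packet_info;

static conn_entry table[MAX_CONNS];

/* Record a connection and the PID that opened it; returns -1 if the table is full. */
int conn_add(uint8_t proto, uint32_t lip, uint16_t lport,
             uint32_t rip, uint16_t rport, uint32_t pid) {
    for (int i = 0; i < MAX_CONNS; i++)
        if (!table[i].in_use) {
            table[i] = (conn_entry){ .proto = proto, .local_ip = lip, .remote_ip = rip,
                .local_port = lport, .remote_port = rport, .pid = pid, .in_use = 1 };
            return 0;
        }
    return -1;
}

/* Map a packet to a PID; PID_NONE when nothing in the table owns it. */
uint32_t packet_pid(const packet_info *p) {
    if (p->ethertype != 0x0800 || (p->proto != 6 && p->proto != 17))
        return PID_NONE;       /* ARP, IGMP, ...: this table tracks TCP/UDP only */
    uint32_t lip = p->outbound ? p->src_ip : p->dst_ip;
    uint32_t rip = p->outbound ? p->dst_ip : p->src_ip;
    uint16_t lport = p->outbound ? p->src_port : p->dst_port;
    uint16_t rport = p->outbound ? p->dst_port : p->src_port;
    for (int i = 0; i < MAX_CONNS; i++)
        if (table[i].in_use && table[i].proto == p->proto &&
            table[i].local_ip == lip && table[i].local_port == lport &&
            table[i].remote_ip == rip && table[i].remote_port == rport)
            return table[i].pid;
    return PID_NONE;           /* e.g. a packet being routed to another system */
}
```

A caller has to treat `PID_NONE` as a normal result and decide how to handle such packets, since a per-process rule can never match them.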