I’m making a firewall with this driver. In my firewall i need to allow packets from specific applications only. can I get this information from the packet header? What application has sent this packet. Or is there a way to do this.
There is no way to determine application context on the NDIS level. Actually not all packets you see have the associated app (these are routed packets, packets generated by TCP/IP stack). However you can track active connections information with TDI filter or with LSP and use this information to determine each packet associated application.
Also in this firewall I want to block websites with specific names. Is it possible if yes how. Any example will be heighly appriciated.
You can track and modify DNS requests for these names an example…