When I ‘overwrite’ the DNS packet, can I do this within the already allocated buffer (by WinpkFilter) OR do I need to create a totally new buffer? If so, I do not have a clue how… Do you have an example?
You can do this in the already allocated buffer. Actually, the packet buffer is allocated by you, passed to WinpkFilter, which copies packet data into it and returns the buffer to you. You can do anything with the packet but don’t forget to adjust the packet length and recalculate the required checksums (UDP and IP in case of DNS).
As for the sample, Internet Gateway makes DNS redirect, it may help a bit. However, it does not modify DNS data, only packet header.
In case of DNS hijacking the easiest way is changing the IP in the DNS response packet. You are right here.
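The length and checksum fix-up mentioned in the reply above, as an added example that is not part of the original thread or of WinpkFilter's samples. It assumes `ip` points at the IPv4 header inside the packet buffer (past the Ethernet header); all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* RFC 1071 one's-complement sum, big-endian 16-bit words, odd tail padded. */
static uint32_t csum_add(uint32_t sum, const uint8_t *p, size_t len) {
    for (; len > 1; p += 2, len -= 2) sum += (uint32_t)((p[0] << 8) | p[1]);
    if (len) sum += (uint32_t)(p[0] << 8);
    return sum;
}
static uint16_t csum_fold(uint32_t sum) {
    while (sum >> 16) sum = (sum & 0xFFFF) + (sum >> 16);
    return (uint16_t)~sum;
}
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* UDP checksum: pseudo-header (src, dst, protocol 17, UDP length) + datagram. */
static uint16_t udp_csum(const uint8_t *ip, size_t ihl, size_t udp_len) {
    uint32_t sum = csum_add(0, ip + 12, 8) + 17 + (uint32_t)udp_len;
    return csum_fold(csum_add(sum, ip + ihl, udp_len));
}

/* Call after editing the UDP payload in place. cap = bytes available in the
 * buffer from ip onward; new_payload_len = payload length after the edit.
 * Returns the new IP total length, or 0 if the packet does not fit or is not
 * IPv4/UDP. The caller must also update the frame length it hands back to the
 * driver (Ethernet header size + returned value). */
size_t fixup_ipv4_udp(uint8_t *ip, size_t cap, size_t new_payload_len) {
    if (cap < 20 || (ip[0] >> 4) != 4 || ip[9] != 17) return 0;
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4;
    size_t udp_len = 8 + new_payload_len, total = ihl + udp_len;
    if (ihl < 20 || total > cap || total > 0xFFFF) return 0;
    uint8_t *udp = ip + ihl;
    put16(ip + 2, (uint16_t)total);                   /* IP total length   */
    put16(ip + 10, 0);                                /* zero, then compute */
    put16(ip + 10, csum_fold(csum_add(0, ip, ihl)));  /* IP header checksum */
    put16(udp + 4, (uint16_t)udp_len);                /* UDP length         */
    put16(udp + 6, 0);
    uint16_t c = udp_csum(ip, ihl, udp_len);
    put16(udp + 6, c ? c : 0xFFFF);                   /* 0 means "none" in UDP */
    return total;
}

/* Returns 1 when both checksums of a len-byte IPv4/UDP packet verify. */
int verify_ipv4_udp(const uint8_t *ip, size_t len) {
    if (len < 28) return 0;
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4;
    if (ihl < 20 || len < ihl + 8 || csum_fold(csum_add(0, ip, ihl)) != 0) return 0;
    return udp_csum(ip, ihl, len - ihl) == 0;
}
```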