NDIS hooking firewall


This topic contains 4 replies, has 3 voices, and was last updated by  GeN 12 years, 10 months ago.

  • #4886

    Deneb
    Participant

    Hello, I have a question regarding NDIS hooking as it is presented in the sample. I’m currently writing a firewall for Windows and my software has to be “Windows XP Certified”. If I’m using the standard modification of the NDIS export table in memory, will I be Windows XP Certified?…

    #5657

    Vadim Smirnov
    Moderator

    It is hardly likely that an NDIS-hooking driver can be WHQL, but I don’t know for sure. In any case the question of certification is usually the question of money you can pay for it. In order to avoid additional problems I think you will need to create an NDIS IM driver for XP if you really need certification.

    #5658

    Deneb
    Participant

    Thank you for your help. I would like to know if someone here knows what technique Sygate, ZoneAlarm, McAfee and other known firewalls use. I seriously doubt they use an NDIS IM driver. Sygate is said to use an intermediate driver, teefer.sys, but I doubt it is a real NDIS intermediate driver once it detects protocol driver registrations and so on. Do they have WHQL certification?

    #5659

    Vadim Smirnov
    Moderator

    The firewalls you have mentioned use NDIS hooks and I don’t think that their drivers are WHQL certified. For example, ZoneAlarm uses technology based on some undocumented NDIS structures which can be changed by MS anytime. Do you think that such a driver can be WHQL? However, NDIS hooks are still the most effective way to design the firewall kernel, and the fact that MS officially doesn’t recommend this is not enough to stop using it.

    #5660

    GeN
    Participant

    We tried to get our NDIS hook driver certified.
    Negative. They explained to us that hooking is bad and may cause bad things … So if you wanna get certified you should find an alternative way.

    @deneb wrote:

    Hello, I have a question regarding NDIS hooking as it is presented in the sample. I’m currently writing a firewall for Windows and my software has to be “Windows XP Certified”. If I’m using the standard modification of the NDIS export table in memory, will I be Windows XP Certified?…
