(.NET) Routing to local socks proxy causes Connection Reset / Closed by Peer

Home Forums Discussions Support Portal (.NET) Routing to local socks proxy causes Connection Reset / Closed by Peer

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • #11777
    VirtualSmile
    Participant

    Hello!

    I have been experimenting with this driver as a way to route game packets through a proxy. It currently goes like this: Game > Local Proxy > Remote Proxy > Game Server

    My issue is on the Remote Proxy Logs, the connection will throw “remote peer error (connection reset by peer)” or just “remote peer closed” with the connection duration lasting for only 1 second. This is not an issue with the proxy as I can use Proxifier to route game packets to the same proxy with no issues. If I test with basic TCP Connect packets, it will work fine.

    Do you know what might be causing this problem? Is the game server closing the connection because the packets have been modified?

    Thank you.

    #11778
    Vadim Smirnov
    Moderator

    Hi!

    There is a sample https://github.com/wiresock/ndisapi/tree/master/examples/cpp/socksify which redirects specified local application to the local TCP proxy and then to the specified SOCKS proxy. If I understood you right then this is what you doing in your application. I have also used similar approach in a couple of commercial projects and I can confirm that this works just fine.

    To figure out what is going wrong in your case I would capture and save the traffic to analyze. May be the packet you modified has incorrect checksum or length and thus dropped by the stack.

    #11783
    VirtualSmile
    Participant

    Hi Vadim!

    Thank you for responding so fast. I have already been through the sample before and actually used it for reference for my project (but in .NET).

    I have solved the issue – on my end, it looks like the socket connection to the proxy was closing after a few packets, and that’s why tcp ping / connect tests were working fine (as only 1 packet). Thank you again for the help.

    I have another question now, but if it’s better off being put on a new thread, let me know and I’ll make another one. Do you have any recommendations or tips on filtering by ProcessID or ProcessName? Would P/Invoke into C / C++ functions be the best way by comparing network tables? I was thinking of doing an LSP Hook via. DLL Injection to build an out-going network table but I want to avoid that due to anti cheat.

    Thank you.

    #11785
    Vadim Smirnov
    Moderator

    There are actually two ways to filter with ProcessID or ProcessName:

    • The easy one is IP Helper API. You can find the details in process_lookup.h
    • More complicated one is creating WFP callout driver to track network connections (sockets) creation/termination

    The LSP is deprecated and I’m not sure if it is supported on Windows 10.

Viewing 4 posts - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.