WinpkFilter


  • #4824
    smilish
    Participant

      Hi,

      I bought the binary, and I rate the driver as fantastic 😀
      I am using it to develop a firewall.

      One question. If I had the source: Can I modify the source in such a way that I can assign the PID of the packet-originating process to each packet? Currently I am working with two drivers: 1. A self-written TDI-Filter that monitors all connections and assigns the PIDs 2. The WinpkFilter

      Thanks in advance and keep up the good work!

      #5451
      sanjeev
      Participant

        Yes, you are right. This is fantastic. I think you can do this even without the source code by modifying the ndisapi.dll code. I’m not sure, so please confirm this with the administrator… Really, this is a fantastic driver… 😀

        #5452
        Vadim Smirnov
        Keymaster

          There is no way to determine the PID at the NDIS level, and actually some packets have no associated PID (packets destined to other systems which are to be routed, and packets generated by the TCP/IP stack: ARP, IGMP and others).

          The only way to match a packet against a process is to have an LSP or TDI filter driver and keep an active connections table with associated PIDs. However, I should also note that an LSP can be bypassed by direct access to the TDI, and TDI itself is not always called in the correct process context (but it is in most cases).

          #5453
          smilish
          Participant

            Yeah, good to hear that I’ve chosen the right way. But I will buy the source anyway, because I need a customized device-object-name.

            By the way: ICMP is also difficult to catch by a TDI-filter.

            Thank you very much for answering.

            #5454
            Vadim Smirnov
            Keymaster

              But I will buy the source anyway, because I need a customized device-object-name.

              Just FYI: If you order a Developer license you can request a free custom build with a customized device-object-name.

              By the way: ICMP is also difficult to catch by a TDI-filter.

              Yes, this is correct; however, a PING request, for example, can be intercepted by a filter over the DeviceIp.
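The active connections table described in the thread (a TDI or LSP layer records which PID owns each connection, and the packet filter looks each packet up in it), as an added example that is not part of the original posts and is not WinpkFilter code. All type and function names are hypothetical, the addresses are constructed, and how the monitor learns the PID is assumed to happen elsewhere.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_CONNS 64
#define PID_NONE  0u            /* packet has no owning local process */

/* Hypothetical types: what a TDI/LSP-level monitor would record per connection. */
typedef struct {
    uint32_t local_ip, remote_ip;
    uint16_t local_port, remote_port;
    uint8_t  proto;             /* IP protocol number: 6 = TCP, 17 = UDP */
} conn_key;
typedef struct { conn_key key; uint32_t pid; int used; } conn_entry;
/* What the packet filter parses out of a frame (proto 0 for non-IP, e.g. ARP). */
typedef struct { uint32_t src_ip, dst_ip; uint16_t src_port, dst_port; uint8_t proto; } pkt_info;

static conn_entry table[MAX_CONNS];

static int key_eq(const conn_key *a, const conn_key *b) {
    return a->local_ip == b->local_ip && a->remote_ip == b->remote_ip &&
           a->local_port == b->local_port && a->remote_port == b->remote_port &&
           a->proto == b->proto;
}

/* Connection monitor: record (or update) the PID that opened a connection. */
int conn_add(const conn_key *k, uint32_t pid) {
    conn_entry *slot = NULL;
    for (size_t i = 0; i < MAX_CONNS; i++) {
        if (table[i].used && key_eq(&table[i].key, k)) { slot = &table[i]; break; }
        if (!table[i].used && slot == NULL) slot = &table[i];
    }
    if (slot == NULL) return -1;            /* table full */
    slot->key = *k; slot->pid = pid; slot->used = 1;
    return 0;
}

/* Connection monitor: forget a closed connection so a reused port is not misattributed. */
void conn_remove(const conn_key *k) {
    for (size_t i = 0; i < MAX_CONNS; i++)
        if (table[i].used && key_eq(&table[i].key, k)) table[i].used = 0;
}

/* Packet filter: map a packet to a PID, or PID_NONE when no process owns it. */
uint32_t pid_for_packet(const pkt_info *p, int outbound) {
    if (p->proto != 6 && p->proto != 17) return PID_NONE;   /* ARP, IGMP, ... */
    conn_key k = { outbound ? p->src_ip : p->dst_ip, outbound ? p->dst_ip : p->src_ip,
                   outbound ? p->src_port : p->dst_port, outbound ? p->dst_port : p->src_port,
                   p->proto };
    for (size_t i = 0; i < MAX_CONNS; i++)
        if (table[i].used && key_eq(&table[i].key, &k)) return table[i].pid;
    return PID_NONE;                        /* routed traffic or unknown connection */
}
```

A firewall built this way has to decide a policy for `PID_NONE` packets explicitly, since routed traffic and stack-generated protocols never appear in the table.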
