WinpkFilter


This topic contains 4 replies, has 3 voices, and was last updated by Vadim Smirnov 13 years, 10 months ago.

  • #4824

    smilish
    Participant

    Hi,

    I bought the binary, and I rate the driver as fantastic 😀
    I am using it to develop a firewall.

    One question. If I had the source: Can I modify the source in such a way that I can assign the PID of the packet-originating process to each packet? Currently I am working with two drivers: 1. A self-written TDI-Filter that monitors all connections and assigns the PIDs 2. The WinpkFilter

    Thanks in advance and keep up the good work!

    #5451

    sanjeev
    Participant

    Yes, you are right. This is fantastic. I think you can do this even without the source code by modifying the ndisapi.dll code. I’m not sure, so please confirm this with the administrator. Really, this is a fantastic driver… 😀

    #5452

    Vadim Smirnov
    Moderator

    There is no way to determine the PID at the NDIS level, and actually some packets have no associated PID (packets destined to other systems which are to be routed, and packets generated by the TCP/IP stack: ARP, IGMP and others).

    The only way to match a packet against a process is having an LSP or TDI filter driver and keeping an active connections table with associated PIDs. However, I should also note that LSP can be bypassed by direct access to the TDI, and TDI itself is not always called in the correct process context (but it is in most cases).
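
The connections-table approach described in the post above, as an added example in portable C (not WinpkFilter or TDI code, and not part of the original thread). `conn_add`, `pid_for_frame`, the table layout and the `NO_PID` sentinel are hypothetical names; the upper-layer filter is assumed to call `conn_add` when a process opens a connection.

```c
#include <stddef.h>
#include <stdint.h>

#define NO_PID 0u   /* constructed sentinel: no owning process is known */
#define MAX_CONN 64

/* One row of the active-connections table (hypothetical layout). */
typedef struct {
    uint8_t  proto;          /* 6 = TCP, 17 = UDP */
    uint32_t lip, rip, pid;  /* rip 0 = any remote; pid 0 = free slot */
    uint16_t lport, rport;
} conn_t;
static conn_t table[MAX_CONN];

/* Called by the TDI/LSP layer, which runs in the caller's process context. */
int conn_add(uint8_t proto, uint32_t lip, uint16_t lport,
             uint32_t rip, uint16_t rport, uint32_t pid) {
    for (int i = 0; i < MAX_CONN; i++)
        if (table[i].pid == NO_PID) {
            table[i] = (conn_t){proto, lip, rip, pid, lport, rport};
            return 0;
        }
    return -1;               /* table full */
}

static uint16_t be16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t be32(const uint8_t *p) { return (uint32_t)be16(p) << 16 | be16(p + 2); }

/* Called at the packet level on a raw Ethernet frame; returns PID or NO_PID. */
uint32_t pid_for_frame(const uint8_t *f, size_t len, int outbound, uint32_t host_ip) {
    if (len < 34 || be16(f + 12) != 0x0800) return NO_PID;    /* ARP, runt frame */
    const uint8_t *ip = f + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20 || len < 14 + ihl + 4) return NO_PID;
    if ((ip[9] != 6 && ip[9] != 17) || (be16(ip + 6) & 0x1fff))
        return NO_PID;       /* IGMP, ICMP, or a non-first fragment without ports */
    const uint8_t *l4 = ip + ihl;
    uint32_t lip = be32(ip + (outbound ? 12 : 16)), rip = be32(ip + (outbound ? 16 : 12));
    uint16_t lport = be16(l4 + (outbound ? 0 : 2)), rport = be16(l4 + (outbound ? 2 : 0));
    if (lip != host_ip) return NO_PID;   /* routed traffic, not this host's */
    for (int i = 0; i < MAX_CONN; i++) {
        const conn_t *c = &table[i];
        if (c->pid && c->proto == ip[9] && c->lip == lip && c->lport == lport &&
            (c->rip == 0 || (c->rip == rip && c->rport == rport)))
            return c->pid;
    }
    return NO_PID;           /* TCP/UDP, but the table has no matching row */
}
```

A firewall built this way needs an explicit policy for frames that come back as `NO_PID`, since they cover both stack-generated traffic and connections the upper filter never saw.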

    #5453

    smilish
    Participant

    Yeah, good to hear that I’ve chosen the right way. But I will buy the source anyway, because I need a customized device-object-name.

    By the way: ICMP is also difficult to catch by a TDI-filter.

    Thank you very much for answering.

    #5454

    Vadim Smirnov
    Moderator

    > But I will buy the source anyway, because I need a customized device-object-name.

    Just FYI: If you order a Developer license, you can request a free custom build with a customized device-object-name.

    > By the way: ICMP is also difficult to catch by a TDI-filter.

    Yes, this is correct; however, a PING request, for example, can be intercepted by a filter over the \Device\Ip.
