I bought the binary, and I rate the driver as fantastic 😀
I am using it to develop a firewall.
One question: if I had the source, could I modify it in such a way that I can assign the PID of the packet-originating process to each packet? Currently I am working with two drivers: 1. A self-written TDI-Filter that monitors all connections and assigns the PIDs 2. The WinpkFilter
Yes, you are right. This is fantastic. I think you can do this even without the source code by modifying the ndisapi.dll code. I'm not sure, so please confirm this with the administrator... Really, this is a fantastic driver... 😀
There is no way to determine the PID at the NDIS level, and actually some packets have no associated PID (packets destined to other systems which are to be routed, and packets generated by the TCP/IP stack: ARP, IGMP and others).
The only way to match a packet against a process is to have an LSP or TDI filter driver and keep an active connections table with associated PIDs. However, I should also note that an LSP can be bypassed by direct access to TDI, and TDI itself is not always called in the correct process context (but it is in most cases).
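Added example, not part of the thread and not WinpkFilter or TDI code: a user-mode sketch of the active connections table described in the last reply, matching a raw Ethernet frame to a PID by its local endpoint. All names (conn_add, pid_for_frame, NO_PID) are hypothetical, the table is assumed to be fed by a TDI or LSP component with the concrete local address of each endpoint, and the frame in main() is constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define NO_PID 0u            /* frame has no owning local process */
#define MAX_CONN 64

/* One entry per local endpoint reported by the TDI/LSP layer (hypothetical feed). */
typedef struct { uint8_t proto; uint32_t addr; uint16_t port; uint32_t pid; } conn_t;
static conn_t table[MAX_CONN];
static size_t nconn;

int conn_add(uint8_t proto, uint32_t addr, uint16_t port, uint32_t pid) {
    if (nconn == MAX_CONN || pid == NO_PID) return -1;
    table[nconn++] = (conn_t){ proto, addr, port, pid };
    return 0;
}

static uint32_t be32(const uint8_t *p) {
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}
static uint16_t be16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }

/* Map a raw Ethernet frame to a PID; outbound != 0 means the local end is the source. */
uint32_t pid_for_frame(const uint8_t *f, size_t len, int outbound) {
    if (len < 14 + 20 || be16(f + 12) != 0x0800) return NO_PID;  /* ARP and other non-IPv4 */
    const uint8_t *ip = f + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20 || len < 14 + ihl + 4) return NO_PID;
    if (ip[9] != 6 && ip[9] != 17) return NO_PID;      /* IGMP and others: no port to match */
    if ((be16(ip + 6) & 0x1fff) != 0) return NO_PID;   /* later fragment carries no ports */
    uint32_t addr = be32(ip + (outbound ? 12 : 16));
    uint16_t port = be16(ip + ihl + (outbound ? 0 : 2));
    for (size_t i = 0; i < nconn; i++)
        if (table[i].proto == ip[9] && table[i].addr == addr && table[i].port == port)
            return table[i].pid;
    return NO_PID;                                     /* routed or unknown endpoint */
}

int main(void) {
    /* Constructed sample: TCP 192.168.1.10:49152 -> 10.0.0.1:443, owned by PID 4321. */
    uint8_t f[54] = {0};
    f[12] = 0x08; f[14] = 0x45; f[23] = 6;
    f[26] = 192; f[27] = 168; f[28] = 1; f[29] = 10; f[30] = 10; f[33] = 1;
    f[34] = 0xC0; f[36] = 0x01; f[37] = 0xBB;
    conn_add(6, 0xC0A8010Au, 49152, 4321);
    printf("outbound pid=%u\n", (unsigned)pid_for_frame(f, sizeof f, 1));
    f[29] = 99;  /* source is another host: routed traffic, no local PID */
    printf("routed pid=%u\n", (unsigned)pid_for_frame(f, sizeof f, 1));
    return 0;
}
```

A firewall built on this has to decide explicitly what to do with NO_PID frames, since they cover both stack-generated traffic and connections the table has not yet seen.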