WinpkFilter hooking vs intermediate driver


This topic contains 3 replies, has 3 voices, and was last updated by Vadim Smirnov 11 years, 6 months ago.

    #4992

    Tomas
    Participant

    Hi. Could you please briefly explain any disadvantages of an intermediate NDIS filter driver compared to an IM filter? In other words, if I have to use the intermediate filter version for x64 operating systems, is there any good reason to use the hooking driver on x86 systems, or is it better to also use the IM filter there? I'll also have to support older OSes, like NT4. Thanks

    #5962

    Vadim Smirnov
    Moderator

    I would not recommend using IM drivers on the legacy systems NT4 and 9x/ME, because these OSes have poor support for this type of driver (various problems were discussed many times in the developer community). Since Windows 2000, IM driver support has improved, and in general you can use IM drivers for 2000/XP/2003 instead of NDIS hooking ones. But here is another disadvantage: you have to sign your drivers with MS (expensive, and you have to do the signing each time you rebuild the driver) if you don't want users to be warned about an unsigned "dangerous" driver many times during the installation process. These warnings can be relatively easily disabled on the most modern Windows XP SP2 and Server 2003 (including x64 versions), and you can find the required script in the WinpkFilter x64 installation. However, it is a problem to do the same for the earlier OSes because of bugs in the related MS code. We had to use IM drivers for x64 because of the new patching policy from MS (it detects patching of NDIS and BSODs the system); however, we plan to release an NDIS hooking version for x64 which will also disable patch guard.

    Also, with an NDIS hooking driver you get more flexibility (for example, one of our customers needed to see adapters and filter packets below the MS Ethernet Bridge in Windows XP; this is easily doable with an NDIS hooking driver, but I can't say the same for the IM). The only disadvantage of the NDIS hook is a chance of incompatibility with another NDIS hook solution…

    #5963

    smilish
    Participant

    I do understand. But what about Vista?

    Thanks
    Frank

    #5964

    Vadim Smirnov
    Moderator

    I do understand. But what about Vista?

    In addition to NDIS hooking and IM drivers, Vista is expected to introduce new packet filtering capabilities (Windows Packet Filtering framework). So in general there will be even more options.
