Forum Replies Created
-
Posts
-
Windows Packet Filter Kit 3.2.6 released:
- Added special reserved pool for packets handled in kernel mode (these are packets which are not supposed to be redirected to user mode application for further processing: passed/blocked according loaded filters and collected from non-tunneled network interfaces). This feature seriously improves remote debugging capabilities for WinpkFilter based applications. An example, if you debug over RDP and your application load static filters to pass RDP connections prior putting network interface into the tunnel mode then you can safely put breakpoints in the packet processing thread, suspend it, analyze individual packets without a risk to be disconnected.
- Fixed Visual Studio 2015 compiler errors when building WinpkFilter NDIS 6.x Lightweight Filter drivers
If you are eligible for a free update, please send the following details to [email protected] tо receive an update instruction:
- Your order ID.
- An approximate date of purchasing.
Windows Packet Filter 3.2.5 released:
- Fixed NDIS-hooking driver on Windows XP crash
- Fixed issue with NDIS Lightweight Filter driver (driver bypassed some packets without analyses in low memory resources state)
If you are eligible for a free update, please send the following details to [email protected] tо receive an update instruction:
- Your order ID.
- An approximate date of purchasing.
This information is not available on driver level, however you can use IP Helper API to retrieve information about network adapters (GetAdaptersInfo) and associate with adapters returned from WinpkFilter using AdapterName (GUID) or Address (MAC address). Also suchinformation can be fetched from the registry directly.
Windows Packet Filter 3.2.4 released:
Installer:
- Windows XP Embedded installation fix (Embedded required NDIS IM driver to be present in WINDIR)
- Silent installation support with /S switch
Internet Gateway sample:
- Fixed packet multiplication issue caused by combination of Wireshark, loopback packet indications and single interface routing
Driver:
- Built-in filters performance optimization
- Adapter list change event fix (removed time gap between event and actual change of the list)
- Possible memory leak issue fixed
- INF file for LWF changed to bind below and above Ethernet bridge
- Fixed incorrect field alignment in NDISHK_PACKET
- Fixed NDIS 5.1 IM DriverVerifyer crash
- Fixed issue with network interface MTU configuration changes
If you are eligible for a free update, please send the following details to [email protected] tо receive an update instruction:
- Your order ID.
- An approximate date of purchasing.
This action simply means that packet should be sent to your user-mode application for processing. Please refer filter.cpp for the filtering sample patterns.
WWWCENSOR is just a simple sample application which demonstrates how certain connections can be selected and blocked. It’s primary audience are developers, not end users. If you think to use WWWCENSOR as a base for your content filtering application then you can trace its code with the sites where it does not work and check why these sites are passed.
Anyway, I have an idea why it may not work in some cases you noticed. WWWCENSOR uses single byte ASCII encoding when searching for the pattern to block. If the web-page content is UNICODE encoded, an example, then it won’t be able to find it. As I have mentioned above this is just a simple sample.
Hi Matt,
I ndisapi.cs ETH_M_REQUEST is defined with constant array size 256, but this is only to avoid writing complex marshaling code for the variable array size. You can change this constant to any of your choice.
-Vadim
Hi Matt,
I did not have much to continue testing with Windows 10 yet. The second reason is that Windows 10 IoT does not yet support all the features it is supposed to, so it may be time wasting to test before release. However, I do plan to continue the research.
-Vadim
I have played a little with Windows 10 on Raspberry Pi 2 over the weekend. The good news is that yes, it allows device drivers installations and etc…
Regretfully devcon is not suitable for installing network filter drivers and since there is no GUI control panel applet then a port of snetcfg is also needed to install NDIS Lightweight Filter Driver. It was not a big deal to compile WinpkFilter for ARM, but simple compilation of snetcfg for ARM did not work and it needs more time to resolve.
Matt,
That depends on how Microsoft is going to release it. If Windows 10 supposed to work on Raspberry Pi 2 is going to be similar to Windows RT (where you can’t install anything besides Windows Update or applications from Windows Store) then the answer is probably no.
However, I don’t see much sense in releasing restricted OS for such device like Raspberry Pi 2 because you just won’t have any chance to extend it with custom hardware by installing appropriate drivers. So there is a little hope that platform will be at least as opened as x86 Windows 10 and we will be able to run custom drivers on it. If it happens then yes, just need to build WinpkFilter for ARM.
WinpkFilter Runtime & Tools 3.2.3.1.exe is not supposed to be redistributed, so it does not support silent install. However, it is not a big deal to build an installer which installs WinpkFilter drivers only and our customers have all necessary components to build such an installer.
Packet is matched against the filters list and first matching filter action is applied. So there is probably something wrong with your first filter.
You can use IP Helper API to retrieve current connections table and starting Windows XP this table also contains process ID. You can use IP/Port information from the packet to find the corresponding connection in that table and thus identify the process.
Do you use VB.NET for your project? I think I could create a CLS-compliant assembly wrapper for ndisapi.dll to resolve difficulties of this kind…
