Forum Replies Created
-
Posts
-
I believe that, eventually, it will no longer be possible to sign drivers for Windows 7/8, much like it’s currently impossible for Windows Vista. Depending on your code signing certificate, you may need a cross-certificate to correctly sign drivers for Windows 7/8. In my experience, I’ve encountered the fewest issues with certificates from GlobalSign. However, I agree that driver signing can be tricky.
You’re correct, I did not pass the Windows 7/8 driver through HCK testing, and as you may have noticed, it doesn’t have a Microsoft signature.
In a future release, I plan to handle DisallowedApps at the kernel level. This should improve performance, and while I’m not entirely certain, it might help resolve cases like this one.
Hmm, this might be due to tunnel instability. In virtual adapter mode, activating or deactivating the tunnel changes the routing table, which can lead to disconnects. This issue doesn’t occur in transparent mode (without the -lac option) because it intercepts and processes selected packets directly from your default connection.
For Windows 10/11, you’re following the correct process. Though I sign the driver binary before submitting it to MS. However, for Windows 7/8, it’s sufficient to sign the driver with just your code signing certificate.
Driver signing can be challenging, but in my experience, token-based certificates from GlobalSign typically work without any issues for Windows 7/8.
Thank you for pointing that out! We appreciate your attention to detail. The typos have been fixed, and everything should be consistent now.
Thanks also for the compliment on the website—we’re glad you like it!
Could you please try running WireSock with the logging level set to ‘all’? This will capture the traffic into pcap files, allowing us to check for any anomalies.
Have you encountered any issues installing Windows Packet Filter or WireSock on Windows 7/8? While HCK/WHQL certification is beneficial, it is not required.
Thanks for your openness and understanding. I appreciate your perspective on keeping end-user costs to a minimum—it’s a crucial factor in any project. However, I must emphasize that kernel mode software, while powerful, carries significant risks for end users if not thoroughly tested and vetted. We’ve seen cases like CrowdStrike that underscore the importance of using well-tested, reliable solutions.
That said, I understand the need to explore cost-effective options, and it’s great that you’re considering all possibilities. If you find that other options don’t meet your needs, please feel free to reach out. We’re here to provide a well-tested and robust solution that you can trust.
Thanks for reaching out, and I’m glad to hear that you got the NdisApiDotNet example working the way you want.
Regarding your question, the behavior you’re observing when you introduce latency or debug the Task is expected. Pausing the packet reading, processing, and re-injecting loop will indeed cause the network adapter to “freeze” because the driver depends on that continuous loop to maintain traffic flow. When the loop is interrupted, the driver is essentially left waiting, which stops the traffic.
If you need to extract packets for out-of-band processing, this should be handled in a dedicated thread. This way, the main loop can continue processing and re-injecting packets while your separate thread manages the additional processing. This approach ensures that network traffic continues to flow smoothly without interruption.
And yes, when you modify packets, recalculating checksums is necessary to ensure the integrity of the data. If checksums are not recalculated, the modified packets may be rejected or cause issues further down the line.
