Forum Replies Created
1- Can WinpkFilter support WiFi packets?
Yes
2- Are the packets captured by WinpkFilter the original packets or just a copy of the original?
Not sure what you really mean here, but if you modify the packet which is sent/received over WiFi it will come modified to network/MSTCP. This is unlike winpcap which gives you a copy of the packet and its modification won’t change anything.
January 7, 2008 at 4:02 pm in reply to: Why CPU overhead reach abnormal 100%???Strange!!!!!!!!!!!!!! #6522
I suppose the problem is not in the engine but in what you do with packets:

    /* Frame indicated by the NIC: overwrite both MAC addresses and send it back out on the NIC */
    if(pPktDes->ePktDirection == VG_PACKET_FROM_NIC)
    {
        memcpy(pEthHdr->h_dest, dstMac, ETH_ALEN);
        memcpy(pEthHdr->h_source, srcMac, ETH_ALEN);
        if(!VgPdeTransmit((char *)pPktDes->pPktBuf,pPktDes->nPktLen,VG_PACKET_TO_NIC))
        {
            PdeDemoShow("IpHandler@VgPdeTransmit error\n");
            return FALSE;
        }
    }
    else /* from MSTCP: forwarded to the NIC unchanged */
    {
        if(!VgPdeTransmit((char *)pPktDes->pPktBuf,pPktDes->nPktLen,VG_PACKET_TO_NIC))
        {
            PdeDemoShow("IpHandler@VgPdeTransmit error\n");
            return FALSE;
        }
    }

I don’t know where the MAC addresses you have used are taken from. But if the address you set as source MAC does not match the NIC address you send the packet from then you may meet problems. In Windows all packets sent on the network are normally indicated back to protocol (so called hardware loopback). It is possible to use NDIS_FLAGS_DONT_LOOPBACK or/and NDIS_FLAGS_SKIP_LOOPBACK flags (set for the packet in INTERMEDIATE_BUFFER.m_Flags) to prevent the loopback but these packets are system specific and not guaranteed to work properly on every Windows, though I used them just fine for the Ethernet Bridge. WinpkFilter normally filters out the loopback packet by checking the source MAC address (packet is skipped if source MAC = NIC MAC), but in your case it may fail to do so (if source MAC does not match the NIC address) and even a single packet starts going in the endless loop (from application to WinpkFilter, then from WinpkFilter to NIC, from NIC to WinpkFilter, from WinpkFilter to application and so on) -> 100% CPU load.
You can read this topic on forum regarding the loopback packets:
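The source-MAC check from the reply above, together with an application-side guard for the case where that check fails, as an added example (not code from this forum or from WinpkFilter). The fingerprint ring, its size and all function names are assumptions made for illustration; the sample frame and MAC addresses are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ETH_ALEN 6
#define RING 64                      /* remembered transmissions (assumed size) */

/* Constructed data: the adapter's MAC, and a frame whose source MAC was
   rewritten to 02:00:00:00:00:99, which is not the adapter's address. */
const uint8_t nic_mac[ETH_ALEN] = {2,0,0,0,0,1};
const uint8_t rewritten[14] = {2,0,0,0,0,2, 2,0,0,0,0,0x99, 0x08,0x00};

static uint32_t sent_ring[RING];     /* fingerprints of frames we transmitted */
static unsigned sent_pos;

/* FNV-1a over the frame: a cheap fingerprint, not a security boundary. */
static uint32_t frame_hash(const uint8_t *f, size_t len)
{
    uint32_t h = 2166136261u;
    while (len--) { h ^= *f++; h *= 16777619u; }
    return h ? h : 1;                /* 0 is reserved for an empty slot */
}

/* The check described in the post: source MAC equals the adapter's MAC. */
int mac_says_loopback(const uint8_t *f, const uint8_t *mac)
{
    return memcmp(f + ETH_ALEN, mac, ETH_ALEN) == 0;
}

/* Call immediately before sending a frame to the adapter. */
void remember_sent(const uint8_t *f, size_t len)
{
    sent_ring[sent_pos++ % RING] = frame_hash(f, len);
}

/* Call for each frame indicated by the adapter, before rewriting it.
   Returns 1 for a looped-back copy of our own transmission; the slot is
   cleared so one transmission cancels exactly one indicated copy. */
int is_own_echo(const uint8_t *f, size_t len, const uint8_t *mac)
{
    if (mac_says_loopback(f, mac)) return 1;
    uint32_t h = frame_hash(f, len);
    for (unsigned i = 0; i < RING; i++)
        if (sent_ring[i] == h) { sent_ring[i] = 0; return 1; }
    return 0;
}
```

The fingerprint match assumes the looped-back copy is byte-identical to the frame that was sent.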
Not sure why you may need this, but you can swap source and destination Ethernet and IP addresses (you may also need to do something with TCP/UDP headers if necessary). Then just use SendPacketToMstcp instead of SendPacketToAdapter.
WinpkFilter 3.0.2 was released 2007-Apr-30, so this is old news. The coming release will be 3.0.4.
January 2, 2008 at 1:55 pm in reply to: Why not work properly on another PC with same configuration! #6517
I have e-mailed you the InnoSetup script which was used to generate the run-time library available for download from this site. You can use it for reference. However, the setup procedure is fully described in the help file. You must be doing something wrong if the driver does not get loaded.
January 2, 2008 at 12:20 pm in reply to: What contents is contained in ndisrd.sys driver source code #6518
If I want to order ndisrd.sys driver source code, pls tell me what contents or components is contained in its source code base?
It contains the complete source code for the NDIS hooking and IM drivers.
For windows x64 OS, why not continue to adopt NDIS-hooking technology, but official IM driver scheme for ndisrd.sys?
Windows XP/2003 x64 introduced PatchGuard technology which protects NDIS.SYS export table from modifications (if PatchGuard finds that NDIS.SYS was modified then it crashes the system). This is also true for Vista/2008 x64. Preventing PatchGuard from doing its job is possible but requires kernel modifications and these modifications are different for different kernel builds because MS updates PatchGuard each time they get informed there is a way to work around the current implementation.
I searched for winpkfilter on Google and found that an Austria-based company DeskSoft (http://www.desksoft.com) builds its product BWMeter upon WinpkFilter, is it true? Can u confirm that if u don’t mind?
Yes, it is true.
January 2, 2008 at 12:07 pm in reply to: Why not work properly on another PC with same configuration! #6515
WinpkFilter installation does not write any license information into the registry and basically the installation steps you have performed are correct. Have you rebooted the system after adding the registry key?
December 29, 2007 at 11:13 am in reply to: Visual Baisc Error GetTcpipBoundAdaptersInfo nHandle, AdList #6512
I just tried to compile the PacketSniffer project under VB6 and it worked just fine. The resulting binary also works without any crashes.
In your case, do you get a VB environment or a PacketSniffer application crash?
I see two possibilities:
1) Create a virtual network interface on top of RS232
2) Use VirtNet+WinpkFilter+special application working with WinpkFilter passing data between RS232 and VirtNet adapter.
The first approach requires driver coding but is more solid in design; the second one can be implemented completely in user mode.
System (TCPIP.SYS) recognizes SYN-ACK only when it was establishing the connection (sending SYN) itself. To force TCPIP.SYS to accept SYN-ACK you would have to modify TCPIP.SYS internal structures.
Normally if you are trying to establish TCP connection with WinpkFilter you have to process SYN-ACK yourself without passing it up to TCPIP.SYS and generate ACK to complete the handshaking.
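What "process SYN-ACK yourself and generate ACK" involves at the byte level, as an added example (not code from this forum or from WinpkFilter). It works on a raw Ethernet II + IPv4 frame and uses no WinpkFilter calls; the function names and the sample frame are constructed for illustration. It assumes the received window, TTL and IP ID are reused unchanged and does not verify the incoming checksums.

```c
#include <stddef.h>
#include <stdint.h>

enum { ETH = 14, TCPH = 20 };   /* Ethernet II header, option-less TCP header */

/* Constructed sample: SYN-ACK from 192.0.2.2:80 to 192.0.2.1:49152, peer
   seq 0x11223344, ack 101, one MSS option; input checksums left as zero. */
uint8_t sample_synack[58] = {
    2,0,0,0,0,1, 2,0,0,0,0,2, 0x08,0x00,
    0x45,0,0,44, 0,0,0x40,0, 64,6,0,0, 192,0,2,2, 192,0,2,1,
    0,80, 0xc0,0, 0x11,0x22,0x33,0x44, 0,0,0,101,
    0x60,0x12,0xff,0xff, 0,0,0,0, 2,4,5,0xb4 };

static uint32_t rd32(const uint8_t *p)
{ return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3]; }
static void wr16(uint8_t *p, uint32_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void wr32(uint8_t *p, uint32_t v) { wr16(p, v >> 16); wr16(p + 2, v); }
static void swap_bytes(uint8_t *a, uint8_t *b, size_t n)
{ while (n--) { uint8_t t = a[n]; a[n] = b[n]; b[n] = t; } }

/* RFC 1071 Internet checksum: add 16-bit words (len is even here), then fold. */
static uint32_t sum16(uint32_t s, const uint8_t *p, size_t len)
{ for (; len > 1; p += 2, len -= 2) s += (uint32_t)p[0] << 8 | p[1]; return s; }
static uint16_t fold(uint32_t s)
{ while (s >> 16) s = (s & 0xffff) + (s >> 16); return (uint16_t)~s; }

/* Rewrite a received IPv4 SYN-ACK frame in place into the ACK that completes
   the handshake. Returns the new length, or 0 if f is not a SYN-ACK. */
size_t synack_to_ack(uint8_t *f, size_t len)
{
    if (len < ETH + 20 + TCPH || f[12] != 0x08 || f[13] != 0x00) return 0;
    uint8_t *ip = f + ETH;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if (ip[0] >> 4 != 4 || ihl < 20 || ip[9] != 6 || len < ETH + ihl + TCPH) return 0;
    uint8_t *tcp = ip + ihl;
    if ((tcp[13] & 0x17) != 0x12) return 0;    /* SYN+ACK set, FIN/RST clear */
    uint32_t peer_seq = rd32(tcp + 4), our_next = rd32(tcp + 8);
    swap_bytes(f, f + 6, 6);                   /* Ethernet destination <-> source */
    swap_bytes(ip + 12, ip + 16, 4);           /* IP source <-> destination */
    swap_bytes(tcp, tcp + 2, 2);               /* TCP ports */
    wr32(tcp + 4, our_next);                   /* seq: what the peer acknowledged */
    wr32(tcp + 8, peer_seq + 1);               /* ack: the SYN used one number */
    tcp[12] = 5 << 4; tcp[13] = 0x10;          /* no options, ACK flag only */
    wr16(ip + 2, (uint32_t)(ihl + TCPH));      /* new IP total length */
    wr16(ip + 10, 0); wr16(ip + 10, fold(sum16(0, ip, ihl)));
    wr16(tcp + 16, 0);                         /* TCP sum covers a pseudo-header */
    wr16(tcp + 16, fold(sum16(sum16(6 + TCPH, ip + 12, 8), tcp, TCPH)));
    return ETH + ihl + TCPH;
}
```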
December 7, 2007 at 5:45 pm in reply to: what’s the time to release new version for winpkfilter #6484
1. If I am a license buyer, can we get both the x86 and x64 current versions?
Yes, of course.
2. Can u get me some examples, at least two, which use winpkfilter for himself software?
Not sure what you exactly mean here, but there are a couple of advanced samples – Internet Gateway and Ethernet Bridge which are available to licensed users.
A fool question, it is: if I buy the winpkfilter for a license, when I send my software which used the winpkfilter, this’s to say: the winpkfilter driver I paid will be published. How to prevent it?
Standard build of WinpkFilter driver is freely available for private and non-commercial use, I don’t think that anyone would steal your custom build.
IN/OUT of firewall rule in terms of TCP protocol is treated as incoming/outgoing connections; in terms of other protocols it is incoming/outgoing packets. As you can see here is a small difference between TCP and UDP.
Do I need to purchase WinPkFilter in order to get the NAT sample?
Yes, you’d have to.
I plan to purchase a license, but I am a student, and don’t have a lot of money right now.
Drop an e-mail to support(at)ntkernel.com, I think we will be able to help you in this case.
It seems to me that Microsoft restricts on the name of service ( only Passthru is allowed )
No it does not. Basically the steps you did are correct, but probably you missed something.
It is difficult to say something without understanding of how you have hooked TCPSendData.
Processing requests passed to TCPSendData is the same as for TDI requests passed through normal path.