I want to develop a firewall, so after the logistics were made the next level is the development…
My question is which type of firewall is better: user or kernel mode?
And what do you recommend to build: an IM driver or implement a Hook (for NDIS), and why?
It depends on your aim, what platforms you wish to protect …
The traditional way is to create kernel-mode drivers (Hook). This is because hook drivers are easy to install and have much common source for different platforms.
But if you’d like to support 2k and higher, I’d recommend writing an IM driver.
It’s supported by MS and it will be easier to get a licence for it.
My aim is to support Win98+ and to be able to do in the kernel driver more than packet filtering, could you tell me what you recommend (hook or IM)?
Can you give me some examples of implementation for some popular firewalls (including the NeT one that is on this site)?
And last, I want to know where to start learning about driver development (I am relatively new to such programming and I need a quick tour)?
Then you need a Hook driver.
To develop drivers for WinNT you’ll need the DDK.
For Win9x drivers I’d recommend Numega VToolsD from the DriverStudio package. But this is my “imho”… I know people who do this using the DDK for Win98.