Forum Replies Created
-
Posts
-
You can use WinpkFilter built-in filters to intercept only packets destined to port 80. For the intercepted packet you can get a pointer to packet data and search for the “explorer” string. If you modify the packet you have to recalculate packets TCP and IP checksums. Also, if you modify packet length you also have to affect TCP header.
I’m not experienced in C# well enough to inspect your code for possible errors. However, I would recommend you to install network sniffer like Network Monitor or Wireshark and intercept your handcrafted packets from the network. Network sniffer will show if anything is wrong with checksum.
Also, I can’t see in the code fragment where do you check if you are working with UDP packet. Or do you treat every outgoing packet as UDP one?
Try to run passthru sample on the same network interface for which you run wireshark and I think you will be able to get exactly the same capture.
WinpkFilter 3.0.7 released. This service release includes the bugfix for WinpkFilter NDIS IM driver on power state changes.
If you are eligible for a free update, please send the following details to support@ntkernel.com tо receive an update instruction:
1) Your order ID.
2) An approximate date of purchasing.You can use VirtNet under Windows x64 if disable driver signing requirement (press F8 during system boot and choose Disable Driver Signature Enforcement option) or you can use test signing for VirtNet driver.
For the cross platform compatibility WinpkFilter driver returns adapter names as ANSI strings (actually only ANSI set used for internal adapter names). On user mode level you can operate with UNICODE strings if needed, just remember that strings from driver are in ANSI.
It may happen if your packet processing code is incredibly slow. In this case internal driver packets queue reaches its maximum size and all newly coming packets are dropped.
If you use high speed connection I recommend to use ReadPackets API instead ReadPacket (refer PackThru sample) and optimize your packet processing code.
WinpkFilter 3.0.6 released. This service release includes the bugfix for WinpkFilter NDIS IM driver (BSOD on restoring from Hibernate state on Windows Vista).
Important note:
For Windows Vista and later versions of the Windows family of operating systems, kernel-mode software must have a digital signature to load on x64-based computer systems. WinpkFilter drivers are not signed and in order to test them on Vista x64 you should press F8 during system boot and choose Disable Driver Signature Enforcement option. For the commercial software you’d have to obtain Code Signing certificate from Verysign or another Certificate Authority authorized by Microsoft.If you are eligible for a free update, please send the following details to support@ntkernel.com tо receive an update instruction:
1) Your order ID.
2) An approximate date of purchasing.
