[Vadim Smirnov]

What operating system you are using?

[Vadim Smirnov]

Sometimes reboot is required, sometimes not. That depends if network stack can reconfigure dynamically or not.

[Vadim Smirnov]

New version of Local Monitor will be released in next couple of days.

[Vadim Smirnov]

If you try to install WinpkFilter run-time on the fresh copy of Windows XP x64 under Administrator account you should not meet any problems. I don’t know what was the particular reason for the automatic installation to fail, may be lack of privilege to install the driver, may be previous version of WinpkFilter was installed before and was not completely removed before reinstall, may be something else.

[Vadim Smirnov]

WinpkFilter 3.0.5 released:

1) fixed compatibility issue with Kaspersky software
2) added API for getting active WAN connections information
3) added API for sending/receiving bulk of packets

Important note:
For Windows Vista and later versions of the Windows family of operating systems, kernel-mode software must have a digital signature to load on x64-based computer systems. WinpkFilter drivers are not signed and in order to test them on Vista x64 you should press F8 during system boot and choose Disable Driver Signature Enforcement option. For the commercial software you’d have to obtain Code Signing certificate from Verysign or another Certificate Authority authorized by Microsoft.

If you are eligible for a free update, please send the following details to support@ntkernel.com to receive an update instruction:

1. Your order ID.
2. An approximate date of purchasing.

[Vadim Smirnov]

WinpkFilter 3.0.5 will be placed for public after pre-release testing completion.

[Vadim Smirnov]

Yes it is possible and this is the right way to drop packets.

[Vadim Smirnov]

So far only the packets statistics (packets this filter was applied to) is accumulated for loaded filters. There is no special event to indicate that the filter was triggered.

[Vadim Smirnov]

Ahh, you mean packets passed without being indicated to user mode. Well, since this packets are supposed to be passed with minimal performance affect they have to no event to trigger.

[Vadim Smirnov]

hi,admin,you said will release a new version in april,but now, is nothing. please please to going fast

Hopefully this week

[Vadim Smirnov]

It is possible to add a timestamp to packets if needed.

[Vadim Smirnov]

Если из Ring0 => из драйвера
XP x64 => драйвер 64 битный и ndisrd 64 битный

Между 64 битными драйверами используем обычный INTERMEDIATE_BUFFER

INTERMEDIATE_BUFFER_WOW64 определена, чтобы из 32 битного приложения передать данные в 64 битный драйвер, при этом не меняя кода 32 битного приложения. Бинарная структура INTERMEDIATE_BUFFER собранная 32 битным компилятором отличается от INTERMEDIATE_BUFFER собранной 64 битным. Но бинарная структура INTERMEDIATE_BUFFER_WOW64 собранной 32 битным компилятором совпадает с бинарной структурой INTERMEDIATE_BUFFER собранной 64 битным. Теперь понятно???

[Vadim Smirnov]

Event set to driver through SetPacketEvent API is signaled immediately on packet send/receive event.

[Vadim Smirnov]

Ккие-то проблемы в вашем коде, никаких наложений и затираний быть не может, память под пакеты идет фиксированными буферами, даже если пакет 14 байт, то все равно под него выделено 1514.

[Vadim Smirnov]

А зачем все это? Структура INTERMEDIATE_BUFFER_WOW64 определена для внутреннего пользования (конверсии в случае 32 битного приложения и 64 битного драйвера). Приложение-клиент должно работать с INTERMEDIATE_BUFFER, все необходимые конверсии сделает NDISAPI если они будут нужны.

[Author]

Posts