Forum Replies Created
-
Posts
-
If the file was opened in non shared mode then you won’t be able to access it from another process using Win32 API. However, you still can open the volume device in raw mode (bypassing the filesystem) and read sectors containing file data.
You can use file system filter driver to monitor all file operations. However, in case of Windows message you have mentioned – it rather implemented in the Windows Explorer and you will be able to remove those files through the command line or another file manager.
Since officially MS does provide tools for extending Windows with new subsystems the task looks very non trivial (if possible at all without having the access to the complete source code).
Among VB samples in WinpkFilter package you can find PassThru. This is basic sample to filter (drop, pass, modify) the network packets.
May be the reason is in the loopback packet indication. You see packet twice, one time when it is sent and second time when it is indicated back by NDIS (loopback indication) to installed protocols. This is just a version, because I have no idea how you emulate packets on VirtNet.
Internet Gateway can be installed on Windows XP in two variants, with NDIS hooking driver or NDIS IM driver. As I can see from log you have chosen to install NDIS IM driver, however have not you installed WinpkFilter run time before on this system? Or Internet Gateway with NDIS hooking driver selected?
Testing WinpkFilter 3.0.4 on Windows Vista x64 SP1 have not discovered any problems.
Probably you have experienced some software conflict or installation went wrong because of Driver Signing policy.
What do you actually mean under “access”? Address? If so then you have to parse PE header as usual to get imports table address.
Since this is a virtual network interface you can’t connect two systems with it, but you can emulate the connection between two VirtNet adapters with WinpkFilter. However, you will need some real transport between you computers (another network adapter, direct cable connection, bluetooth or etc…)
1. How can we redirect the ip which is browsing the restricted websites to the desired page. Though our program blocks the website but it is unable to redirect the page.
You can’t redirect connections using existing LNM API, it would require an additional kernel level extension. Actually redirects are far easier implemented using WinpkFilter.
2. We connected two PC via LAN wire and gave internet connection to one of them(gateway). We are accessing the internet on another PC via the previous one. But the data of the non-gateway PC is encrypted and hence we are unable to monitor its requests.
The only correct way I can see is installing your software on gateway system and monitoring the Internet connection with WinpkFilter. LNM API does not have access to the routed packets.
How do other people get these files?
Commercial licenses of WinpkFilter are also available and do include all required redistributables.
Quote from WinpkFilter run-time license:
WinpkFilter 3.0 Runtime Libraries is provided as freeware for private (non commercial), or educational (including non-profit organization) use.It may not be distributed for profit, nor may it be included in products or otherwise distributed by commercial entities to their clients or customers without the prior written permission of the author.
So basically WinpkFilter run-time is not supposed to be used for creating redistributable WinpkFilter based software and therefore does not install all redistributable components.
