Forum Replies Created
-
AuthorPosts
-
Since officially MS does provide tools for extending Windows with new subsystems the task looks very non trivial (if possible at all without having the access to the complete source code).
Among VB samples in WinpkFilter package you can find PassThru. This is basic sample to filter (drop, pass, modify) the network packets.
May be the reason is in the loopback packet indication. You see packet twice, one time when it is sent and second time when it is indicated back by NDIS (loopback indication) to installed protocols. This is just a version, because I have no idea how you emulate packets on VirtNet.
Internet Gateway can be installed on Windows XP in two variants, with NDIS hooking driver or NDIS IM driver. As I can see from log you have chosen to install NDIS IM driver, however have not you installed WinpkFilter run time before on this system? Or Internet Gateway with NDIS hooking driver selected?
Testing WinpkFilter 3.0.4 on Windows Vista x64 SP1 have not discovered any problems.
Probably you have experienced some software conflict or installation went wrong because of Driver Signing policy.
What do you actually mean under “access”? Address? If so then you have to parse PE header as usual to get imports table address.
Could you please clarify what version of WinpkFilter you have been using on Vista x64?
Since this is a virtual network interface you can’t connect two systems with it, but you can emulate the connection between two VirtNet adapters with WinpkFilter. However, you will need some real transport between you computers (another network adapter, direct cable connection, bluetooth or etc…)
1. How can we redirect the ip which is browsing the restricted websites to the desired page. Though our program blocks the website but it is unable to redirect the page.
You can’t redirect connections using existing LNM API, it would require an additional kernel level extension. Actually redirects are far easier implemented using WinpkFilter.
2. We connected two PC via LAN wire and gave internet connection to one of them(gateway). We are accessing the internet on another PC via the previous one. But the data of the non-gateway PC is encrypted and hence we are unable to monitor its requests.
The only correct way I can see is installing your software on gateway system and monitoring the Internet connection with WinpkFilter. LNM API does not have access to the routed packets.
The problem is fixed in 2.2.6. Thanks again for reporting this.
How do other people get these files?
Commercial licenses of WinpkFilter are also available and do include all required redistributables.
Only packets containing data reach TDI level.
Quote from WinpkFilter run-time license:
WinpkFilter 3.0 Runtime Libraries is provided as freeware for private (non commercial), or educational (including non-profit organization) use.It may not be distributed for profit, nor may it be included in products or otherwise distributed by commercial entities to their clients or customers without the prior written permission of the author.
So basically WinpkFilter run-time is not supposed to be used for creating redistributable WinpkFilter based software and therefore does not install all redistributable components.
What’s about your WinpkFilter – Framework?
WinpkFilter operates at the NDIS level and can’t associate packet with PID without any additional information.
I just saw your Local Network Monitor API, that seems to be the right stuff?
You are right, Local Network Monitor API can be used for this.
TDI filter, LSP, AFD filter are the most common options.
-
AuthorPosts