OSR Online Lists > ntdev
  Message 1 of 3  
11 Aug 17 05:48
tope awolowo
xxxxxx@gmail.com
Join Date: 09 Aug 2017
Posts To This List: 18
Writing filters and conditions

Good day sir.

Thank you so much for the reference documentation. I am aware that I need to write conditions and filters to allow certain DNS queries to pass, while other. I do want to know how to write these filters. Your response is highly needed.

On 8/10/17, xxxxx@hotmail.com <xxxxx@lists.osr.com> wrote:
> Please see this
>
> https://msdn.microsoft.com/en-us/library/windows/desktop/bb451831(v=vs.85).aspx
>
> Clearly FWPM_LAYER_ALE_AUTH_CONNECT_V4 is a correct layer to intercept dns
> query.
>
> At this point remote address can be changed and dns query redirected.
>
> <...excess quoted lines suppressed...>
  Message 2 of 3  
11 Aug 17 06:09
ashish kohli
xxxxxx@hotmail.com
Join Date: 29 Nov 2014
Posts To This List: 45
Writing filters and conditions

Hi,

There are 2 types of packet modification.

1) Changing the 5-tuple (src, dest, srcport, destport, protocol). This is achieved by modifying the IP header and transport header.
2) The second is changing the payload. You have to get the data from the NET_BUFFER_LIST using NdisGetDataBuffer and then change it.

Packet modification is described in the WFP Sampler Microsoft sample.
  Message 3 of 3  
11 Aug 17 06:13
ashish kohli
xxxxxx@hotmail.com
Join Date: 29 Nov 2014
Posts To This List: 45
Writing filters and conditions

Hi,

There are 2 types of packet modification.

1) Changing the 5-tuple (src, dest, srcport, destport, protocol). This is achieved by modifying the IP header and transport header.
2) The second is changing the payload. You have to get the data from the NET_BUFFER_LIST using NdisGetDataBuffer and then change it.

Packet modification is described in the WFP Sampler Microsoft sample.
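
Added example (not part of the thread and not OSR or Microsoft code): filter conditions match on connection fields such as protocol, remote address and port, so allowing only certain DNS queries by name means parsing the query payload, for instance the contiguous buffer a callout obtains with NdisGetDataBuffer. This portable C sketch shows that decision step only and fails closed on malformed input. The policy suffix `corp.example`, the function names and the sample packets are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical policy: only names at or under this suffix may be queried. */
static const char ALLOWED_SUFFIX[] = "corp.example";
/* Constructed sample queries: 12-byte header (QDCOUNT=1), QNAME, QTYPE=A, QCLASS=IN. */
#define HDR  "\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
#define TAIL "\x00" "\x00\x01\x00\x01"
static const uint8_t Q_OK[]  = HDR "\x03" "api" "\x04" "corp" "\x07" "example" TAIL;
static const uint8_t Q_BAD[] = HDR "\x08" "evilcorp" "\x07" "example" TAIL;

/* Decode the question name into dotted lowercase; returns its length or -1. */
int dns_qname(const uint8_t *msg, size_t len, char *out, size_t outsz)
{
    size_t pos = 12, n = 0;                      /* fixed DNS header is 12 bytes */
    if (outsz == 0 || len < 12 || (msg[2] & 0x80)) return -1;   /* QR=1: response */
    if (((msg[4] << 8) | msg[5]) != 1) return -1;               /* exactly one question */
    for (;;) {
        if (pos >= len) return -1;               /* ran past the end of the buffer */
        uint8_t l = msg[pos++];
        if (l == 0) break;                       /* root label terminates the name */
        /* >63 means a compression pointer or reserved type: reject in a query */
        if (l > 63 || pos + l > len || n + l + 2 > outsz) return -1;
        if (n) out[n++] = '.';
        for (uint8_t i = 0; i < l; i++) {
            uint8_t c = msg[pos++];
            /* a '.' or control byte inside a label would confuse suffix matching */
            if (c == '.' || !isgraph(c)) return -1;
            out[n++] = (char)tolower(c);
        }
    }
    if (pos + 4 > len) return -1;                /* QTYPE and QCLASS must follow */
    out[n] = '\0';
    return (int)n;
}

/* 1 = permit, 0 = block. Anything that does not parse is blocked. */
int dns_query_allowed(const uint8_t *msg, size_t len)
{
    char name[256];
    int n = dns_qname(msg, len, name, sizeof name);
    size_t s = sizeof ALLOWED_SUFFIX - 1;
    if (n < 0 || (size_t)n < s) return 0;
    if (memcmp(name + n - s, ALLOWED_SUFFIX, s) != 0) return 0;
    return (size_t)n == s || name[n - s - 1] == '.';   /* exact or label boundary */
}

int main(void) { printf("%d %d\n", dns_query_allowed(Q_OK, sizeof Q_OK - 1),
                        dns_query_allowed(Q_BAD, sizeof Q_BAD - 1)); return 0; }
```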