What does my LSP do?
I install my LSP over the TCP/UDP/RAW providers. The moment a WinSock app
opens a new Connect or Accept socket, I fetch the information of that
particular socket (Process ID, Local IP, Remote IP, Dest PortNo, Socket
Desc) and send (add) this tuple to my Ethernet Controller driver. The
moment the WinSock application closes its socket, my LSP also sends (remove)
the same tuple from my Ethernet Controller driver.
There is no packet modification as such, which I want. Besides this,
the important thing is that I am not interested in all WinSock
applications which are intercepting my LSP. Besides this, I have a
certain set of applications which I really care about, so I need to have the
process information also. When I say Process Information, I am
interested in the process tree (parent processes, children, siblings,
all).
In a nutshell, if it is possible to replace my requirement from LSP to
WFP, WSK, TDI Filter, etc., then the replacement should have the capability to
get process information.
Please help me with this. If I am not clear please ask more questions
and suggest a way.