trap and modify (driver?)

0 views
Skip to first unread message

yov...@gmail.com

unread,
Apr 11, 2005, 3:38:44 PM4/11/05
to
hi

i'm a as newby as they get in networking and drivers.
i started reading a bit but i sure need some guidance...

i want to write something that will catch all outgoing network traffic,
and, based on what that content is, redirect some of it to my server,
maybe do some maipulations (cypher etc); and then monitor incoming
traffic as well, so data coming back fom my server will be manipulated
back, so everything is nice and transparent to all the applications
using the network.

i'd really appreciate any help u guys can offer:
what's the most suitable architecture and technology (tdi? ndis?)? are
there relevant samples out there (if there's a skeleton that i can just
add my specific code into, that'll be awesome...)

thanks very much

Paul G. Tobey [eMVP]

unread,
Apr 11, 2005, 3:59:18 PM4/11/05
to
I'm not entirely convinced that you're talking about Windows CE, which is
one of the groups that you targeted. Please confirm what OS you're talking
about...

Paul T.

<yov...@gmail.com> wrote in message
news:1113248324.3...@z14g2000cwz.googlegroups.com...

yov...@gmail.com

unread,
Apr 11, 2005, 4:34:18 PM4/11/05
to
You're right. My apologies.
I'm talking about XP

Maxim S. Shatskih

unread,
Apr 11, 2005, 7:52:16 PM4/11/05
to
> i'd really appreciate any help u guys can offer:
> what's the most suitable architecture and technology (tdi? ndis?)? are

You have written too long a feature list. Please specify what exact feature do
you want to implement.

--
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
ma...@storagecraft.com
http://www.storagecraft.com


yov...@gmail.com

unread,
Apr 12, 2005, 1:49:00 AM4/12/05
to
i'll be happy with just a short to-do list for writing a driver that
intercepts all incoming and outgoin traffic.
how to implement the specific content manipulations - i'll work out
myself

Arkady Frenkel

unread,
Apr 12, 2005, 2:51:58 AM4/12/05
to
Look at winpcap in this case.
http://winpcap.polito.it/default.htm
Arkady

<yov...@gmail.com> wrote in message
news:1113251658.6...@f14g2000cwb.googlegroups.com...

Calvin Guan

unread,
Apr 12, 2005, 10:14:52 AM4/12/05
to
You need an NDIS IM driver.
---------------------------------
Calvin Guan, Windows DDK MVP
Software Engineer, NT Driver
ATI Technologies Inc. www.ati.com

<yov...@gmail.com> wrote in message
news:1113284940....@o13g2000cwo.googlegroups.com...

yov...@gmail.com

unread,
Apr 12, 2005, 12:36:10 PM4/12/05
to
thanks for the answers, guys.
i really appreciate this.

arkady - are you suggesting that i take the winpcap filter driver? i'm
not very savvy - can a filter driver change incoming and outgoing
traffic?

calvin - would you say that the ddk passthru ndis im driver sample a
reasonable skeleton to start working on?
i mean, would it be a good infrastructure for the kind of stuff i need
or is there something basically wobbly in it that requires fixing?

thanks again

Maxim S. Shatskih

unread,
Apr 12, 2005, 1:42:26 PM4/12/05
to
> arkady - are you suggesting that i take the winpcap filter driver? i'm

I can also suggest the PASSTHRU DDK sample.

Thomas F. Divine [DDK MVP]

unread,
Apr 12, 2005, 2:00:52 PM4/12/05
to

<yov...@gmail.com> wrote in message
news:1113323770.0...@f14g2000cwb.googlegroups.com...

> thanks for the answers, guys.
> i really appreciate this.
>
> arkady - are you suggesting that i take the winpcap filter driver? i'm
> not very savvy - can a filter driver change incoming and outgoing
> traffic?
>

WinPcap is based on a NDIS protocol driver. NDIS protocol drivers cannot
change incoming or outgoing packets. Nevertheless, WinPcap does illustrate
some useful techniques for interfacing a user-mode applocation to NDIS
kernel-mode components.

> calvin - would you say that the ddk passthru ndis im driver sample a
> reasonable skeleton to start working on?
> i mean, would it be a good infrastructure for the kind of stuff i need
> or is there something basically wobbly in it that requires fixing?
>

Looking at the three "Extending the PaccThru NDIS IM Driver Sample" articles
on the Windows Driver Developer's Digest (http://www.wd-3.com) may also be
useful. The first two articles are in the Archives.

Good luck,

Thomas F. Divine, Windows DDK MVP
http://www.pcausa.com

Arkady Frenkel

unread,
Apr 14, 2005, 5:11:19 AM4/14/05
to
In addition ,if you need redirection you even don't need the driver but LSP
( user mode ) if you talk about socket connection
Arkady
"Thomas F. Divine [DDK MVP]" <tdi...@NOpcausaSPAM.com> wrote in message
news:Ot3cWm4P...@TK2MSFTNGP12.phx.gbl...
Reply all
Reply to author
Forward
0 new messages