I am using the Windows Filtering Platform. I want to create a traffic filter (a security manager) which monitors packets and network events or blocks URLs… I know most of the WFP functions can be called from either user mode or kernel mode. I am wondering whether to write my filter using kernel-mode functions or user-mode ones? Is there any kind of network action that can only be captured by using a kernel-mode driver? Please help me in this regard.
Thanks in advance for any help on the matter
Alexandre is correct: some things can only be done with kernel-mode WFP callout drivers.
However, you might also want to look at my project WinDivert (LGPL) which lifts some WFP kernel-mode functionality (i.e. intercepting and modifying packets) into a user-mode API. WinDivert provides the callout driver for you.
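As an added illustration (not code from the question, the answer, or the WinDivert project), here is the user-mode shape the answer describes: WinDivert hands each packet to an ordinary Windows process, the process decides, and only packets it reinjects continue. The policy function is hypothetical (drop outbound TCP to port 23 and log it) and is kept free of SDK dependencies so it can be unit-tested anywhere; the WinDivert calls are the 2.x C API and assume the SDK header and an administrator shell.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#include "windivert.h"      /* WinDivert SDK header; assumed to be on the include path */
#endif

enum verdict { VERDICT_PASS = 0, VERDICT_DROP = 1 };

/* Hypothetical policy over a raw IPv4 packet: drop TCP with destination port 23,
 * pass everything else. Packets that are not IPv4/TCP or are truncated are passed
 * because the WinDivert filter string below already narrows capture to outbound TCP. */
int verdict_for_packet(const uint8_t *pkt, size_t len, uint16_t *dst_port)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return VERDICT_PASS;                                 /* not IPv4 */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;                /* header length in bytes */
    if (ihl < 20 || pkt[9] != 6 || len < ihl + 4)
        return VERDICT_PASS;                                 /* not TCP, or no TCP ports present */
    uint16_t port = (uint16_t)((pkt[ihl + 2] << 8) | pkt[ihl + 3]); /* TCP dst port, big-endian */
    if (dst_port)
        *dst_port = port;
    return port == 23 ? VERDICT_DROP : VERDICT_PASS;
}

#ifdef _WIN32
int main(void)
{
    /* No WINDIVERT_FLAG_SNIFF: packets we do not reinject are really blocked. */
    HANDLE h = WinDivertOpen("outbound and tcp", WINDIVERT_LAYER_NETWORK, 0, 0);
    if (h == INVALID_HANDLE_VALUE) {
        fprintf(stderr, "WinDivertOpen failed: %lu\n", GetLastError());
        return 1;
    }
    static uint8_t buf[0xFFFF + 40];      /* largest IP packet plus WinDivert slack */
    UINT recv_len;
    WINDIVERT_ADDRESS addr;
    while (WinDivertRecv(h, buf, sizeof buf, &recv_len, &addr)) {
        uint16_t port = 0;
        if (verdict_for_packet(buf, recv_len, &port) == VERDICT_DROP) {
            printf("dropped outbound TCP to port %u\n", port);
            continue;                                        /* blocked: not reinjected */
        }
        WinDivertSend(h, buf, recv_len, NULL, &addr);        /* allowed: reinject unchanged */
    }
    WinDivertClose(h);
    return 0;
}
#endif
```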