Reputation: 319
Hook process socket calls from kernel driver
Can anybody give me an example of kernel driver which can hook process socket calls (send, receive and etc.) and itercept it with my own functions?
Thanks!
Upvotes: 1
Views: 1982
Answers (2)
Reputation: 91
You can do this in kernel by using TDI filter. Check this out: http://www.codemachine.com/article_tdi.html
But TDI filter works on protocol level of network framework. So it is based on TCP/UDP protocol etc.
If you want to implement this lower. You can try to use NDIS filter. Check this out: http://msdn.microsoft.com/en-us/library/windows/hardware/ff565492(v=vs.85).aspx
Upvotes: 1
Reputation: 7389
Using Winsock Layer Service Providers might be of help to you. It allows you to intercept Winsock calls, but in user-mode. This makes development much smoother and the application more stable.
Upvotes: 0
Related Questions
- How to hook any API call on windows x64, x86?
- Linux kernel hook that knows the destination process of a socket
- How to send raw socket packets using Winsock Kernel (WSK) in kernel-mode driver?
- Windows Vista/7 Kernel Hooking of Userland
- Hook function in single process
- Intercept socket functions (windows)
- Hooking network functions using a driver, a high-level overview?
- Socket Hooking / Intercepting / Injecting (Windows)
- How do I change a process's socket connection
- How do I hook the TCP stack in Windows to sniff and modify packets?