user997112

Reputation: 30615

Hooking network functions using a driver, a high-level overview?

I have just managed to write my first Windows driver (haven't registered it yet, but I managed to get the things created!).

I wondered if someone can give me a high overview of how I could achieve the following:

I would like to write a driver which will implement some behaviour when a network packet is received by the computer, before Windows does what it does with the packet. I'd like to take this data and output it to the console of a C or C++ program.

Let's assume I have a C/C++ program written, which has a console. How does the C/C++ program interact with the driver I wrote which is hooking the network activity? Is it simply some C code which calls my drivers, the function returns the data as an object and then I can use that object to display in the console?

Thank you in advance for any possible replies

Upvotes: 0

Views: 488

Answers (2)

Kristof Provost

Reputation: 26322

If you really want a driver, or have a requirement to manipulate or filter packets before they hit the Windows network stack, you need to look into filter drivers.

This filter driver can then expose a device file on which your user space application can then read/write. The Windows DDK contains examples.

Upvotes: 0

Andriy Tylychko

Reputation: 16256

You don't need a driver for this task. Use a packet sniffer library like PCap (actually you'll need WinPCap). It's really simple to capture packets and print them to the console.

An alternative way is a raw socket. But desktop Windows (as opposed to Windows Server) limits raw socket functionality.

Upvotes: 1
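Whichever route delivers the bytes (a read on the filter driver's device file, or a capture library), the console program ends up with a raw buffer it must validate before printing. The following is an added example, not code from either answer: it bounds-checks an Ethernet II/IPv4 frame and formats one console line. The frame layout handed to user space, the function names and the sample bytes are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: Ethernet II + IPv4 + UDP, checksums left at zero. */
static const uint8_t sample_frame[] = {
    0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x02, 0x08,0x00,  /* MACs, EtherType IPv4 */
    0x45,0,0,0x20, 0,1,0,0, 0x40,0x11,0,0,             /* total len 32, UDP */
    192,0,2,1, 192,0,2,2,                              /* source, destination */
    0x13,0x89, 0x00,0x35, 0,0x0c, 0,0, 'p','i','n','g' }; /* UDP 5001 -> 53 */

/* Read a big-endian 16-bit field without assuming alignment. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Write a one-line summary of an Ethernet/IPv4 frame into out. Returns 0 on
 * success, -1 if truncated or not IPv4. Lengths are untrusted wire data. */
int summarize_frame(const uint8_t *f, size_t len, char *out, size_t outlen)
{
    if (len < 14 || be16(f + 12) != 0x0800)
        return -1;
    const uint8_t *ip = f + 14;
    size_t iplen = len - 14;
    if (iplen < 20 || (ip[0] >> 4) != 4)
        return -1;
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4;   /* header length in bytes */
    size_t total = be16(ip + 2);               /* may be < iplen (padding) */
    if (ihl < 20 || total < ihl || total > iplen)
        return -1;
    uint8_t proto = ip[9];
    const char *name = proto == 6 ? "TCP" : proto == 17 ? "UDP" : "IP";
    unsigned sport = 0, dport = 0;
    /* Ports exist only in the first fragment of a TCP or UDP datagram. */
    if ((proto == 6 || proto == 17) && (be16(ip + 6) & 0x1FFF) == 0 && total - ihl >= 4) {
        sport = be16(ip + ihl);
        dport = be16(ip + ihl + 2);
    }
    int n = snprintf(out, outlen, "%s %u.%u.%u.%u:%u -> %u.%u.%u.%u:%u len=%zu",
                     name, ip[12], ip[13], ip[14], ip[15], sport,
                     ip[16], ip[17], ip[18], ip[19], dport, total);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    char line[128];
    if (summarize_frame(sample_frame, sizeof sample_frame, line, sizeof line) == 0)
        puts(line);
    return 0;
}
```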
