hi there,
It's me again :)
I am working on a packet analyzer based on the WinPcap library. After fiddling with tons of packets and wading through tons of protocol definitions, I thought I should work on some other project for a break :) so I decided to write my own firewall...:)
So, I started reading the NDIS/MSDN docs and started looking for some sample source code for firewalls. But nope... it's not as easy as I expected. There are some articles that describe TDI firewalls, but they are not really "firewalls", sitting behind the TCP/IP stack. I came across the site http://www.ntkernel.com/articles/firewalleng.shtml .
According to the above article I need to hook four NDIS functions:
NdisRegisterProtocol, NdisDeregisterProtocol, NdisOpenAdapter, NdisCloseAdapter. But the hooking part is still not clear to me.
I found elicz's toolkit for kernel mode hooking quite interesting, but elicz has not included the source code (well, actually he has, because everyone knows elicz is the only one who writes kernel mode code in asm :)... but please don't ask me to "read" the code using IDA :)
So, the big question is, "how to do kernel mode hooking" :)
Any help?????
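Added example (not from the original post, the ntkernel article, or elicz's toolkit): a user-mode C model of what the NdisRegisterProtocol hook the article describes actually buys you. The idea is that a protocol driver such as tcpip.sys hands NDIS a characteristics structure full of handler pointers when it registers; if the firewall sits on the registration call, it can save the protocol's real receive handler, substitute its own filter, and then see every frame before the stack does. Everything here is a stand-in: PROTO_CHARS is a toy version of NDIS_PROTOCOL_CHARACTERISTICS, "hooking" is modelled as swapping a function pointer rather than patching the ndis.sys export, and the frames and the port-23 rule are constructed test data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for NDIS_PROTOCOL_CHARACTERISTICS (assumption: real one has many
 * more handlers). The stack stores these and calls them for every packet. */
typedef int (*RECEIVE_HANDLER)(const uint8_t *frame, size_t len);
typedef struct { const char *name; RECEIVE_HANDLER receive; } PROTO_CHARS;

/* Stand-in for NDIS: one registered protocol, reached via a function pointer
 * that plays the role of the exported NdisRegisterProtocol entry. */
static PROTO_CHARS g_registered;
static int ndis_register_protocol_impl(const PROTO_CHARS *pc) { g_registered = *pc; return 0; }
typedef int (*REGISTER_FN)(const PROTO_CHARS *);
static REGISTER_FN g_NdisRegisterProtocol = ndis_register_protocol_impl;

/* NDIS indicating a received frame to whichever handler was registered. */
static int ndis_indicate_receive(const uint8_t *frame, size_t len) {
    return g_registered.receive ? g_registered.receive(frame, len) : -1;
}

/* Stand-in for the transport (tcpip.sys): just counts what reaches it. */
static int g_delivered;
static int tcpip_receive(const uint8_t *frame, size_t len) {
    (void)frame; (void)len; g_delivered++; return 0;
}

/* ---- the firewall ---- */
static RECEIVE_HANDLER g_orig_receive;   /* protocol's real handler, called after filtering */
static int g_dropped;

/* Constructed rule: drop IPv4/TCP frames to destination port 23. Layout used:
 * Ethernet 14 bytes (EtherType at 12), IPv4 IHL in low nibble of byte 0,
 * protocol at byte 9, TCP destination port at TCP header offset 2. */
static int firewall_allows(const uint8_t *f, size_t len) {
    if (len < 14 || f[12] != 0x08 || f[13] != 0x00) return 1; /* not IPv4: outside the rule */
    if (len < 14 + 20) return 0;                               /* truncated IPv4: fail closed */
    const uint8_t *ip = f + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if (ihl < 20 || len < 14 + ihl + 4) return 0;              /* malformed: fail closed */
    if (ip[9] != 6) return 1;                                  /* not TCP */
    const uint8_t *tcp = ip + ihl;
    uint16_t dport = (uint16_t)((tcp[2] << 8) | tcp[3]);
    return dport != 23;
}

/* Replacement receive handler: filter, then hand the frame to the real one. */
static int firewall_receive(const uint8_t *frame, size_t len) {
    if (!firewall_allows(frame, len)) { g_dropped++; return -1; }
    return g_orig_receive(frame, len);
}

/* The hook itself: stands in for NdisRegisterProtocol, records the protocol's
 * handler, substitutes the filter in a private copy, and calls the real routine. */
static int hooked_register_protocol(const PROTO_CHARS *pc) {
    PROTO_CHARS copy = *pc;
    g_orig_receive = pc->receive;
    copy.receive = firewall_receive;
    return ndis_register_protocol_impl(&copy);
}
void firewall_install_hook(void) { g_NdisRegisterProtocol = hooked_register_protocol; }

/* Constructed Ethernet/IPv4/TCP frame with the given destination port. */
static size_t build_tcp_frame(uint8_t *buf, uint16_t dport) {
    memset(buf, 0, 54);
    buf[12] = 0x08; buf[13] = 0x00;   /* EtherType IPv4 */
    buf[14] = 0x45;                   /* version 4, IHL 5 */
    buf[14 + 9] = 6;                  /* protocol TCP */
    buf[34 + 2] = (uint8_t)(dport >> 8); buf[34 + 3] = (uint8_t)dport;
    return 54;
}

int firewall_allows_port(uint16_t dport) {
    uint8_t f[64]; return firewall_allows(f, build_tcp_frame(f, dport));
}
int firewall_dropped(void) { return g_dropped; }

/* Hook first, let the transport register, then indicate three frames:
 * TCP/80 (pass), TCP/23 (drop), ARP (pass). Returns frames delivered. */
int run_scenario(void) {
    g_delivered = g_dropped = 0;
    firewall_install_hook();
    PROTO_CHARS tcpip = { "TCPIP", tcpip_receive };
    g_NdisRegisterProtocol(&tcpip);           /* lands in hooked_register_protocol */
    uint8_t frame[64];
    ndis_indicate_receive(frame, build_tcp_frame(frame, 80));
    ndis_indicate_receive(frame, build_tcp_frame(frame, 23));
    uint8_t arp[42] = {0}; arp[12] = 0x08; arp[13] = 0x06;
    ndis_indicate_receive(arp, sizeof arp);
    return g_delivered;
}

int main(void) {
    int delivered = run_scenario();
    printf("delivered=%d dropped=%d\n", delivered, firewall_dropped());
    return 0;
}
```

Two things the model makes visible that matter for the real thing. First, the hook only catches protocols that register after it is installed, which is why the ordering (firewall driver loaded before tcpip registers) and the other three functions the article lists matter: deregistration and adapter open/close have to be tracked too, or the saved handler and binding state go stale. Second, the filter fails closed on malformed IPv4 rather than passing it to the stack; a firewall whose parser gives up and forwards on bad input is a bypass waiting to happen. What the model does not show is the part the question is actually about, namely how to make the running system's ndis.sys export point at your hook instead of the pointer swap above.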