I'm going to build a personal firewall on Windows (XP through Windows 7), which needs to filter and log HTTP requests. There are several kinds of these; the ones I've seen are:
- Packet Filter API: which is the easiest and less flexible, but XP and Vista-Win7 have different APIs to implement this; I'll need to combine this method with WinPcap to log requests.
- Kernel mode hook filter as here http://beta.codeproject.com/KB/IP/FwHookDrv.aspx; he said that this method can only hook once per system.
- TDI packet filter: MS said that they plan to remove this in a future version of Windows.
- NDIS Intermediate Driver: most flexible, most complicated.

So now I prefer using the NDIS method, but I cannot find many documents or samples about it. And is there much difference between NDIS 5.x and NDIS 6.0?
Posted on 2010-06-16 22:28:25 by secmask
Link to NDIS 5.1. It has a link to NDIS 6.0 and a "porting guide" which explains the differences.
This site looks abandoned/very incomplete but apparently gives some basic info about NDIS.
Posted on 2010-06-17 00:18:00 by ti_mo_n