Edit all outbound IP frame to add an option in IP header

  • Question

  • Hello,

     

    My goal is easy: add an option (cf. RFC 791) in the IP header for each outbound frame of a Windows XP or Vista computer.

     

    I have read all threads in this forum, especially interesting things there (http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=1950957&SiteID=1) and there (http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=1997441&SiteID=1)

     

     

    So, here are my questions:

     

    1. Will I have to build a "kernel driver" to achieve this goal? It is my first "very low level" development, so I am a little bit frightened about all that stuff (I am originally a .NET developer!) ... As kernel drivers seem to be a horror to debug, can I do a User Mode Driver instead?

     

    2. Will I be able to build a single application (or driver) for XP and Vista? I read that the process of building such filters has changed with Vista and WFP ...

     

    3. Would somebody have the complete source code of a packet rewriter, or anything that does packet processing, so I could spend some time studying all this ... There is a Packet Modification sample in the WDK I just downloaded, but it really does too many things, and it is hard to understand anything in such a large source code ...

     

    4. Any help or clues to achieve my goal would be appreciated :-) I really thought that Windows had an easy way to access the TCP/IP stack to intercept and modify data packets ... It seems not to be the case!

     

    Thanks for your help

     

    Guillaume

    Direct contact: guillaume.braux_at_docteursouris.fr

    Thursday, April 24, 2008 10:39 PM

Answers

  • You may want to research Winsock LSP (Layered Service Provider) to see whether it allows setting a specific socket option on a per-send basis. It allows interception of socket set-option calls.

     

    If LSP is not feasible, then I think a kernel-mode driver would be required for packet modification.

     

    WFP is only available from Vista onward. An NDIS IM driver would be a consideration if you want a single code base. There is a filtering API named filter-hook in XP which has been removed from Vista.

     

    You could find some one-page code snippets of WFP packet modification samples here -- http://msdn.microsoft.com/en-us/library/aa938500.aspx.

     

    Hope this helps,

    Biao.W.

    Thursday, May 1, 2008 2:30 AM
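
Whichever kernel-mode interception point is chosen (NDIS IM driver or WFP callout), the rewrite the question asks for is the same byte-level operation on the IPv4 header. The following is an added example, not part of this thread or of the WDK samples: a C routine that inserts one RFC 791 option into a packet buffer. The names `ipv4_add_option` and `ip_checksum`, the sample packet and the sample option are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* RFC 791 header checksum: one's-complement sum of 16-bit words (len is even). */
static uint16_t ip_checksum(const uint8_t *h, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)h[i] << 8) | h[i + 1];
    while (sum >> 16)
        sum = (sum & 0xFFFF) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Insert one type/length/value option at offset 20 of the IPv4 packet in pkt
 * (buffer capacity cap, current length *pkt_len). Returns 0, or -1 if the
 * packet is malformed or the result would not fit. */
int ipv4_add_option(uint8_t *pkt, size_t *pkt_len, size_t cap,
                    const uint8_t *opt, size_t opt_len) {
    if (*pkt_len < 20 || (pkt[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0F) * 4;
    size_t total = ((size_t)pkt[2] << 8) | pkt[3];
    if (ihl < 20 || ihl > total || total > *pkt_len) return -1;
    if (opt_len < 2 || opt[1] != opt_len) return -1;    /* length octet counts itself */
    size_t padded = (opt_len + 3) & ~(size_t)3;          /* header grows in 32-bit words */
    if (ihl + padded > 60) return -1;                    /* 4-bit IHL: at most 15 words */
    if (total + padded > 0xFFFF || total + padded > cap) return -1;

    memmove(pkt + 20 + padded, pkt + 20, total - 20);    /* shift old options + payload */
    memset(pkt + 20, 0x01, padded - opt_len);            /* leading NOPs for alignment */
    memcpy(pkt + 20 + padded - opt_len, opt, opt_len);
    ihl += padded; total += padded;
    pkt[0] = (uint8_t)(0x40 | (ihl / 4));
    pkt[2] = (uint8_t)(total >> 8); pkt[3] = (uint8_t)total;
    pkt[10] = pkt[11] = 0;                               /* checksum field zeroed first */
    uint16_t ck = ip_checksum(pkt, ihl);
    pkt[10] = (uint8_t)(ck >> 8); pkt[11] = (uint8_t)ck;
    *pkt_len = total;
    return 0;
}

int main(void) {
    /* Constructed sample: 20-byte header, 4-byte payload, documentation addresses. */
    uint8_t pkt[64] = {0x45,0,0,24, 0,1,0,0, 64,17,0,0, 192,0,2,1, 192,0,2,2, 0xde,0xad,0xbe,0xef};
    const uint8_t opt[] = {0x9E, 3, 0xAA};               /* constructed 3-byte option */
    size_t len = 24;
    int rc = ipv4_add_option(pkt, &len, sizeof pkt, opt, sizeof opt);
    printf("rc=%d ihl=%d len=%zu\n", rc, (pkt[0] & 0x0F) * 4, len);
    return rc;
}
```

The TCP and UDP checksums do not need recomputing, because their pseudo-header does not cover the IP header length. The grown packet can exceed the link MTU, so a real driver also has to account for fragmentation or a reduced MSS.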