none
Logging GET requests at STREAM layer RRS feed

  • Question

  • Hello everybody, thank you for looking at my question, I'm a newbie in WFP, please help me.

    I'm developing a WFP driver based on msnmntr sample (https://github.com/Microsoft/Windows-driver-samples/tree/master/network/trans/msnmntr) and my goal is to write all inbound and outbound GET requests into a txt file. (I'm sitting at FWPM_LAYER_STREAM_V4 )

    I've tried 2 methods:

    1. I notice that msnmntr uses FwpsCopyStreamDataToBuffer to copy stream data into buffer

    FwpsCopyStreamDataToBuffer( streamBuffer, stream, streamLength, &bytesCopied);

    DoTraceMessage(TRACE_CLIENT_SERVER, "%s", (const char*)stream);

    so I've tried to print that buffer directly by DoTraceMessage but I've got a crash because the stream data is non-terminated and DoTraceMessage doesn't support buffer length.

       2. I've tried to create work item to write stream data into a file by calling ZwWriteFile but there was no device object in classifyfn function to set as parent object to create a work item.

    So now I believe that I need an advice to acheive my purpose. What is the best way for me to write all inbound and outbound GET requests into a txt file?




    • Edited by m3liss4 Tuesday, October 11, 2016 9:22 AM
    Tuesday, October 11, 2016 9:17 AM

All replies

  • You need to have some basic Windows kernel programming skills:

    1. IRQL

    2. String manipulation

    3. File operations

    There are plenty of materials covering these topics outside of this forum.


    Ray

    Tuesday, November 1, 2016 12:32 AM