Windows Filtering Platform Sample

Download sample, WFPSample.exe.

This is a Windows Filtering Platform sample project for the Windows Vista version of the Windows Driver Kit (WDK, also known as WinDDK 6000). The purpose of this sample code is to demonstrate the use of the Windows Filtering Platform provider contexts. In this sample, using a context allows information to be passed from a user mode component, which installs and configures a packet filter, to a kernel mode component that performs the actual filtering. The context information is simple in this case; it specifies a word replacement to be performed on the TCP stream.

  • To examine the user mode context creation code, see the call to FwpmProviderContextAdd0 in exe\medit.cpp!AppAddFilters

  • To examine the kernel mode context handling code, see the handler for FWPS_CALLOUT_NOTIFY_ADD_FILTER in sys\editor.c!StreamEditNotify.

This sample is based on the existing MSN Monitor sample, which is located at src\network\trans\msnmntr.

Running the Sample

Note

None of the filters, callouts, or sublayers in this demo are persistent.

  1. Build

    • Open a WinDDK 6000 (Windows Vista) build environment window.

    • Extract the source code included with this code sample package.

    • From the root directory of the source code, run build.exe. The root directory is the same directory where the dirs file is located.

  2. Install

    • Copy all of the binaries and msnmed.inf to a Windows Vista test computer.

    • On the Windows Vista test computer, right-click msnmed.inf and select Install.

  3. Run

    • Start the driver by running net start msnmed at a command prompt. Running net stop msnmed stops the driver.

    • Run medit.exe monitor to test the monitoring of content sent through MSN Messenger. You can use the TraceView tool to assist you with debugging. This tool is part of the WDK.

    • Run medit.exe word1 word2.

      Note

      In the current sample, word1 and word2 must be the same length. If you send text through MSN Messenger, word1 is replaced by word2. These filter words are implemented from user mode down to the kernel mode callout.

More Information and Errata

For more information, please see the MSDN online article which accompanies this sample. We will publish bugs and errata at https://www.jwsecure.com/dan/index.html. Please report new bugs by contacting JW Secure at https://www.jwsecure.com/contact.html.

this is draft content and is subject to change