flat assembler
Message board for the users of flat assembler.
WinPCap question
typedef 05 Jul 2011, 22:25
Ring0 is the answer if you want custom data capture? The WDK7 comes with a tutorial of that type too. (It does not necessarily capture data etc.; it just shows you how to set up and receive events.)
However, some APIs are limited only to Win Server 200X. WinPcap would mean that you'd have to sit in front of your PC and do it manually, or set up batch scripts to get it done. Either is a good option.
LocoDelAssembly 06 Jul 2011, 00:24
From what I know, WinPcap will allow you to capture; however, you'll have some problems with sending raw packets (I never managed to send one over a PPPoE connection, but it's OK over plain Ethernet), and I think it comes with no means to block packets from reaching the applications (but it allows you to set up a filter so you capture only a subset of all incoming traffic).
Another option is to write your own network driver, but since Microsoft now requires drivers to be signed, you'll probably be better off with WinPcap if it really gives you all you need, since it comes signed.
PS: BTW, the traffic blocking part perhaps could be implemented by programmatically configuring Windows' built-in firewall as needed.
typedef 06 Jul 2011, 19:02
LocoDelAssembly wrote: "Microsoft now requires drivers to be signed"
I think that applies mainly to industry-standard drivers. You don't have to sign it in order to run it. You can just manually load it when it's needed. As simple as that.
Dex4u 07 Jul 2011, 16:29
Why not just code it for Linux, as you can do raw packets in Linux.
You can make a boot disk or code it as a Linux server that does the capture and sends the raw data to a Windows PC, enclosed in HTTP etc.
typedef 07 Jul 2011, 23:14
Dex4u wrote: "Why not just code it for Linux, as you can do raw packets in Linux."
That's what I like about Linux. Windows always wants you to be a "2nd level consumer", not "first level".
garystampa 08 Jul 2011, 18:42
Dex4u wrote: "Why not just code it for Linux, as you can do raw packets in Linux."
If I was the boss, I would... Has anyone ever used "Windows Filtering Platform"? I wonder if it could be abused to perform this functionality?
Copyright © 1999-2024, Tomasz Grysztar.