Writing hook driver over TCP/IP driver

OSR_Community_User Member Posts: 110,217
I have to develop a driver which encrypts the TCP data. So what I felt
is write a hook to TCP/IP driver, capture the data, encrypt it and
pass it to TCP/IP driver. But I don't know the device name of the
TCP/IP driver to delegate the calls below. How can I find the device
name of TCP/IP driver for attaching to it?

First of all, am I correct in going for filter driver?

Thanks in advance

Regards,
Gopikrishna

Comments

  • OSR_Community_User Member Posts: 110,217
    Hi Kannan,

    Thanks for your reply.
    The only problem with your approach is that not all applications use sockets (e.g. Neighbourhood network - configured to use NETBIOS over TCP/IP). So what should I do in that case?

    Regards,
    Gopikrishna

    ----- Original Message -----
    From: Kannan. S
    To: [email protected]
    Sent: Wednesday, April 12, 2000 7:23 AM
    Subject: RE: [ntdev] Writing hook driver over TCP/IP driver


    Hello Gopikrishna,

    While developing a driver may be one way, about which I don't know,
    if you intend to encrypt only the data transferred, then you can write
    something called winsock layered service provider, which is a user
    mode dll. You can hook onto all the socket calls and do encryption.

    Look in MSDN library documentation for "layered service provider"
    I think there is a knowledge base article on it and a good sample
    dll with sources.

    Cheers!
    /Kans.

    -----Original Message-----
    From: [email protected] [mailto:[email protected]]On Behalf Of Gopikrishna
    Sent: Wednesday, April 12, 2000 4:11 PM
    To: NT Developers Interest List
    Subject: [ntdev] Writing hook driver over TCP/IP driver


    I have to develop a driver which encrypts the TCP data. So what I felt
    is write a hook to TCP/IP driver, capture the data, encrypt it and
    pass it to TCP/IP driver. But I don't know the device name of the
    TCP/IP driver to delegate the calls below. How can I find the device
    name of TCP/IP driver for attaching to it?

    First of all, am I correct in going for filter driver?

    Thanks in advance

    Regards,
    Gopikrishna
  • OSR_Community_User Member Posts: 110,217
    Hi GopiKrishna,

    If only data encryption is required, then I think a better
    approach would be developing an intermediate driver which will get all
    packets transferred from the TCP/IP stack. The Data can be accessed
    encrypted at this level using the algorithms.

    Regards,
    Sameer.

    At 12:54 PM 4/12/00 +0100, you wrote:

    Hi Kannan,

    Thanks for your reply.

    The only problem with your approach is that not all applications use
    sockets (e.g. Neighbourhood network configured to use NETBIOS over
    TCP/IP). So what should I do in that case?

    Regards,
    Gopikrishna

  • OSR_Community_User Member Posts: 110,217
    These are the problems in doing encryption below the TCP/IP driver.

    On the receive side, I would only need to act on frames with data in (ignoring SYN's, ACK's etc). I would have to cater for fragmented packets (because the decryption must be done in the same order the encryption was). I would have to recalculate checksums because I would have modified the data.

    On the send side, I would have to cater for re-transmits in case a packet was not received by the other end of the conversation. (I could not just encrypt a packet again if it was sent down from MSTCP to be re-transmitted because the encryption would be out of sync.)

    Once again, I would have to recalculate checksums because I would have modified the data.

    Regards,
    Gopikrishna.

    ----- Original Message -----
    From: Sameer Kohli
    To: NT Developers Interest List
    Sent: Wednesday, April 12, 2000 9:44 AM
    Subject: [ntdev] Re: Writing hook driver over TCP/IP driver

    Hi GopiKrishna,

    If only data encryption is required, then I think a better approach would be developing an intermediate driver which will get all packets transferred from the TCP/IP stack. The Data can be accessed encrypted at this level using the algorithms.

    Regards,
    Sameer.

  • OSR_Community_User Member Posts: 110,217
    Gopikrishna,

    Have you investigated IPSEC? I believe that it has modes that are
    intended to operate as a "bump-in-the-stack" below the actual TCP
    stack.

    I agree that it would be easier to encrypt the data before TCP gets
    it, but I'm not sure that there is a defined way to intercept
    everything that goes to the TCP driver. I believe that it only
    understands TDI, so a standard filter driver approach wouldn't work. I
    haven't seen anything in the DDK concerning IM-style drivers for TDI.
    The only thing that I've seen that would let you get most of the
    traffic would be the layered service provider interface.

    I know that it's not optimal, but an NDIS IM driver implementing some
    variant of IPSEC may be your best option.

    Clark
    -----Original Message-----
    From: [email protected]
    [mailto:[email protected]]On Behalf Of Gopikrishna
    Sent: Wednesday, April 12, 2000 8:42 AM
    To: NT Developers Interest List
    Subject: [ntdev] Re: Writing hook driver over TCP/IP driver



    These are the problems in doing encryption below the TCP/IP driver.

    On the receive side, I would only need to act on frames with data in
    (ignoring SYN's, ACK's etc). I would have to cater for fragmented
    packets (because the decryption must be done in the same order the
    encryption was). I would have to recalculate checksums because I would
    have modified the data. On the send side, I would have to cater for
    re-transmits in case a packet was not received by the other end of the
    conversation. (I could not just encrypt a packet again if it was sent
    down from MSTCP to be re-transmitted because the encryption would be
    out of sync.)

    Once again, I would have to recalculate checksums because I would
    have modified the data.


    Regards,
    Gopikrishna.
  • OSR_Community_User Member Posts: 110,217
    You should go in for a Network TDI Client Driver. If you are communicating
    through a socket, then I feel that encryption should be done before the TCP
    connection is opened.

    At 11:40 AM 4/12/00 +0100, you wrote:
    >
    > I have to develop a driver which encrypts the TCP data. So what I felt
    > is write a hook to TCP/IP driver, capture the data, encrypt it and
    > pass it to TCP/IP driver. But I don't know the device name of the
    > TCP/IP driver to delegate the calls below. How can I find the device
    > name of TCP/IP driver for attaching to it?
    >
    > First of all, Am I correct in going for filter driver?
    >
    > Thanks in advance
    >
    > Regards,
    > Gopikrishna
    >
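
The retransmission and checksum problems raised in the thread for encrypting below the TCP/IP driver can be reproduced in a few lines of C. This is an added example, not code from any poster: the toy keystream `ks`, the sequence numbers and the payloads are constructed, and the variant that keys the keystream by TCP sequence number goes beyond what the thread proposes, showing one way a retransmit stays in sync.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* RFC 1071 Internet checksum over a buffer. The real TCP checksum also covers
   a pseudo-header and the TCP header; the payload part is enough to show that
   rewriting data below TCP forces a recalculation. */
uint16_t inet_checksum(const uint8_t *p, size_t n) {
    uint32_t sum = 0;
    for (; n > 1; p += 2, n -= 2) sum += ((uint32_t)p[0] << 8) | p[1];
    if (n) sum += (uint32_t)p[0] << 8;
    while (sum >> 16) sum = (sum & 0xFFFF) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Toy keystream byte for position i: stand-in for a real cipher, NOT secure. */
static uint8_t ks(uint32_t i) { return (uint8_t)(i * 167u + 13u); }

/* XOR n bytes with the keystream starting at pos; returns the next position. */
uint32_t xor_at(uint32_t pos, uint8_t *buf, size_t n) {
    for (size_t i = 0; i < n; i++) buf[i] ^= ks(pos++);
    return pos;
}

/* Constructed scenario: segment A (seq 1000) is lost, B (seq 1004) arrives,
   then TCP retransmits A. Returns how many segments the receiver recovers.
   by_seq == 0: both filters keep a running position (order of passage).
   by_seq != 0: keystream position is the segment's TCP sequence number. */
int segments_recovered(int by_seq) {
    const uint8_t A[4] = {'d','a','t','a'}, B[4] = {'m','o','r','e'};
    uint8_t lostA[4], wireB[4], wireA[4];
    uint32_t tx = 0, rx = 0;
    memcpy(lostA, A, 4); memcpy(wireB, B, 4); memcpy(wireA, A, 4);
    tx = xor_at(by_seq ? 1000 : tx, lostA, 4);  /* first copy of A: dropped */
    tx = xor_at(by_seq ? 1004 : tx, wireB, 4);
    tx = xor_at(by_seq ? 1000 : tx, wireA, 4);  /* retransmit, encrypted again */
    rx = xor_at(by_seq ? 1004 : rx, wireB, 4);  /* receiver sees B first */
    rx = xor_at(by_seq ? 1000 : rx, wireA, 4);
    return (memcmp(wireB, B, 4) == 0) + (memcmp(wireA, A, 4) == 0);
}

int main(void) {
    printf("running position: %d of 2 segments recovered\n", segments_recovered(0));
    printf("keyed by seq:     %d of 2 segments recovered\n", segments_recovered(1));
    return 0;
}
```

TCP sequence numbers wrap after 4 GiB, so keying a real cipher this way would need an extended counter to avoid keystream reuse.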