Hi,
I have WFP driver, which filter inbound/outbound network traffic,
I want to get notified when someone deletes my sublayer/wfp FILTER.
I am referring to
https://docs.microsoft.com/en-us/windows/desktop/fwp/monitoring-filter-changes
I went through different samples present and msdn and WFP Architecture, I am assuming my driver is kind of sublayer.
I was trying to achieve this using msdn sample. “monitoring filter changes” ie. user mode example.
https://docs.microsoft.com/en-us/windows/desktop/fwp/monitoring-filter-changes
I want use this user mode scheme/logic in my kernel mode WFP driver by calling ** FwpmFilterSubscribeChanges0 ** with callbacks.
Question is can I use same API in my kernel mode WFPdriver? If not what is correct way to use this kind of notification.
I tried building my driver using this API, driver built successful with external linker specification for Fwpuclnt.lib(this is user mode DLL, I didnt find kernl mode DLL with similar exports), driver failed to load.
Any help really appreciated.
Thanks,
Libin****