I have a program that perform changes with udp traffic. That program uses WFP for it. Also I know GUID of filter and callout, that perform changes.
- How can I inspect changes on specified packets?
- Is there any method to detect packets, that was marked by some filter with flag FWPS_CLASSIFY_OUT_FLAG_ABSORB before it was re-injected.