wfp redirection udp packet is always invalid, I have rebuilt NB and NBL

Minzhang_He Member Posts: 6
edited July 25 in NTDEV

I use FWPM_LAYER_ALE_AUTH_CONNECT_V4/6 and FWPM_LAYER_OUTBOUND_TRANSPORT_V4/6, and FWPM_LAYER_ALE_FLOW_ESTABLISHED_V4 and FWPM_LAYER_DATAGRAM_DATA_V4. By assigning the context, the packet is redirected to the local port.


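if (!gDriverUnloading)
{
    // Signal the worker thread only if the packet queue was empty.
    signalWorkerThread = IsListEmpty(&gPacketQueue);
    // Block and absorb the original packet; the rebuilt copy is sent separately.
    pClassifyOut->actionType = FWP_ACTION_BLOCK;
    pClassifyOut->rights &= ~FWPS_RIGHT_ACTION_WRITE;
    pClassifyOut->flags |= FWPS_CLASSIFY_OUT_FLAG_ABSORB;
}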

The first method to rebuild NBL:

FwpsAllocateCloneNetBufferList,

sendArgs.remoteAddress =
    (packet->belongingFlow->toRemoteAddr ? packet->belongingFlow->toRemoteAddr
        : (UINT8*)&packet->remoteAddr);


The second method to rebuild NBL:


sendArgs.remoteAddress = (UCHAR*)&udpDestAddr;

status = KrnlHlprIPHeaderGet(clonedNetBufferList,


The packet still cannot be redirected, can you help me?



  • Minzhang_He Member Posts: 6

    I just used the UDP demo test and found that the test was successful. My purpose is to redirect Chrome's DNS request. However, the interception and rewriting of the local port cannot succeed.

  • Jason_Stephenson Member Posts: 73

    You haven't posted enough information for any concrete answers, and the stuff you have posted looks like sample code.

    The packet still cannot be redirected

    What exactly is happening? Is a call failing? What's the error code?

    My purpose is to redirect Chrome's DNS request

    This should be achievable at DATAGRAM_DATA for UDP and CONNECT_REDIRECT for TCP.

    However, the interception and rewriting of the local port cannot succeed.

    What fails? Also, you want to rewrite the remote port.


  • Minzhang_He Member Posts: 6

    I am very excited that you can reply to my question. I have solved the Chrome DNS problem. The reason for the failure is not that there is no problem with the code. Your previous reply is one of the reference materials I have developed over the past few months. I even organized these materials specially.
