The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.
Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/
Hello everyone. I am modifying the NDIS 6 filter driver sample. My goal is to parse the network packets so that I can capture GET requests. I have parsed Ethernet, IP and TCP headers inside one MDL and found my GET request in the next MDL. However, I have observed that after the TCP header ends, the payload does not directly come after.
I have also observed that the data length of my NET_BUFFER is nearly 600 when it includes the HTTP request. My question is, is there a way to find the GET request without traversing the MDL chain?
|Upcoming OSR Seminars|
|OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!|
|Internals & Software Drivers||15 November 2021||Live, Online|
|Writing WDF Drivers||24 January 2022||Live, Online|
|Developing Minifilters||7 February 2022||Live, Online|
|Kernel Debugging||21 March 2022||Live, Online|