The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.
Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/
I want to redirect the traffic of curl.exe to my proxy process proxy.exe through the WFP driver. On the way, I encountered a problem, that is, WFP cannot intercept the DNS package of curl.exe. Later I found out that curl.exe is actually a DNS packet sent by a system process agent called svchost.exe, so my WFP driver can only intercept the packets sent by svchost.exe.
Later, I also tried to use the WFP driver to intercept the DNS request sent by svchost.exe and proxy it out through my proxy.exe, but it didn't seem to have any effect.
Later, I tried to use the WFP driver to intercept the DNS request sent by nslookup.exe and proxy it out through my proxy.exe, but it was successful again.
So my question is: My WFP program can successfully obtain correct domain name resolution by intercepting nslookup.exe and proxy.exe, but cannot successfully obtain correct domain name resolution by intercepting svchost.exe through proxy.exe.
|Upcoming OSR Seminars|
|OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!|
|Writing WDF Drivers||12 September 2022||Live, Online|
|Internals & Software Drivers||23 October 2022||Live, Online|
|Kernel Debugging||14 November 2022||Live, Online|
|Developing Minifilters||5 December 2022||Live, Online|