The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.
Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/
I am trying to block dns requests, using WFP driver. I am checking DNS port 53, I am able to get all DNS requests. I wanted to know exact process that has initiated DNS request, for chrome.exe, nslookup I am able to get exact process ID. but for some processes msedge, ping I am not able to get exact process ID, instead I am getting svchost (dnsclient service) PID.
Any workaround how I can get the exact process Id that initiated DNS query?
Thanks in Advance
|Upcoming OSR Seminars
|OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
|13-17 May 2024
|1-5 Apr 2024
|Internals & Software Drivers
|11-15 Mar 2024
|Writing WDF Drivers
|20-24 May 2024