Hello everybody, thank you for looking at my question, I’m a newbie in WFP, please help me.
I’m developing a WFP driver based on the msnmntr sample (https://github.com/Microsoft/Windows-driver-samples/tree/master/network/trans/msnmntr) and my goal is to write all inbound and outbound GET requests into a txt file. (I’m sitting at FWPM_LAYER_STREAM_V4.)
I’ve tried 2 methods:
- I notice that msnmntr uses FwpsCopyStreamDataToBuffer to copy stream data into a buffer:

      FwpsCopyStreamDataToBuffer(
          streamBuffer,
          stream,
          streamLength,
          &bytesCopied);
      DoTraceMessage(TRACE_CLIENT_SERVER, "%s", (const char*)stream);

  so I’ve tried to print that buffer directly with DoTraceMessage, but I got a crash because the stream data is non-terminated and DoTraceMessage doesn’t support buffer length.
- I’ve tried to create a work item to write stream data into a file by calling ZwWriteFile, but there was no device object in the classifyfn function to set as the parent object to create a work item.
So now I believe that I need advice to achieve my purpose. What is the best way for me to write all inbound and outbound GET requests into a txt file?
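The crash described in the first method comes from handing a length-delimited buffer to a "%s" format. The following is an added example, not part of the original post or of the msnmntr sample: portable C with a hypothetical helper `extract_get_line` that reads at most the given number of bytes (for instance the `bytesCopied` value) and produces a bounded, NUL-terminated request line that is safe to trace or log.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not a WFP API). Copies the request line of an HTTP
 * GET request out of a length-delimited stream buffer. `buf` is never
 * assumed to be NUL-terminated: only its first `len` bytes are read.
 * Returns the number of characters written to `out`, excluding the NUL,
 * or 0 if the data does not start with "GET " or there is no room.
 * `out` is always NUL-terminated when out_cap > 0. */
size_t extract_get_line(const unsigned char *buf, size_t len,
                        char *out, size_t out_cap)
{
    static const char method[] = "GET ";
    const size_t mlen = sizeof(method) - 1;
    size_t i, n = 0;

    if (out == NULL || out_cap == 0)
        return 0;
    out[0] = '\0';
    if (buf == NULL || len < mlen || memcmp(buf, method, mlen) != 0)
        return 0;

    /* Stop at end of line, end of data, or when `out` is full. */
    for (i = 0; i < len && n + 1 < out_cap; i++) {
        unsigned char c = buf[i];
        if (c == '\r' || c == '\n')
            break;
        /* Replace non-printable bytes so a log entry stays on one line. */
        out[n++] = (c >= 0x20 && c < 0x7f) ? (char)c : '.';
    }
    out[n] = '\0';
    return n;
}

int main(void)
{
    /* Constructed sample: stream bytes with no terminating NUL. */
    const unsigned char raw[] = { 'G','E','T',' ','/','i','n','d','e','x',
        ' ','H','T','T','P','/','1','.','1','\r','\n','H','o','s','t',':' };
    char line[128];

    if (extract_get_line(raw, sizeof raw, line, sizeof line) > 0)
        printf("%s\n", line);
    return 0;
}
```
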