How to modify TCP packet and UDP packet content

I know that the packet can be modified in FWPM_LAYER_STREAM_V4 and FWPM_LAYER_DATAGRAM_DATA_V4. I know that the packet should be modified in NBL, NB, MDL. But after getting TCP and UDP NBL and traversing NB, what should I do?

What do you WANT to do?

For example, tcpclient or udpclient sends “I like you” to the server, and after interception, modify it to “I love you, too”

My own idea is to modify NBL, NB and MDL, but I don’t know how to get the content (“I like you”) and how to modify it.

If you want to modify the content of a packet (for example at DATAGRAM_DATA) then you need to be using the layerData parameter mentioned here: https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/fwpsk/nc-fwpsk-fwps_callout_classify_fn0

For TCP I’d use CONNECT_REDIRECT to proxy the TCP flow into usermode and alter the stream there before establishing an onward connection. Again, the best solution depends on your ultimate goal - but this should get you started.

Again, for UDP each write that the stack sees will be a whole UDP datagram. This might be split into multiple Ethernet frames, but it is a single logical message. For TCP it will be some arbitrary fragment of the TCP stream that underlies the next higher level protocol. For the simplest protocols like SMTP, each write probably encapsulates a single command or response, but more complex protocols especially at higher bandwidths will not be so simple.

A more specific goal will help, but I hope these first-principles items will help focus your thinking.
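The point made above about TCP delivering arbitrary fragments of the stream, shown as an added example that is not code from any poster in this thread: a user-mode rewriter, of the kind a proxy behind a connect redirect could apply, that still replaces “I like you” when the text is split across several reads. The names `rewriter`, `rw_feed` and `rewrite_segments` are hypothetical, the segments are constructed sample input, and no WFP API is used.

```c
#include <stdio.h>
#include <string.h>
#define PAT "I like you"        /* strings taken from the thread */
#define REP "I love you, too"

typedef struct {
    char   held[sizeof(PAT)];   /* bytes seen so far that match a prefix of PAT */
    size_t n;
} rewriter;

/* Feed one chunk; out must hold 2 * (len + sizeof(PAT)) bytes. Returns bytes written. */
size_t rw_feed(rewriter *rw, const char *in, size_t len, char *out)
{
    const size_t plen = sizeof(PAT) - 1, rlen = sizeof(REP) - 1;
    size_t o = 0;
    for (size_t i = 0; i < len; i++) {
        rw->held[rw->n++] = in[i];
        /* Release leading bytes until what is held is a prefix of PAT again. */
        while (rw->n > 0 && memcmp(rw->held, PAT, rw->n) != 0) {
            out[o++] = rw->held[0];
            memmove(rw->held, rw->held + 1, --rw->n);
        }
        if (rw->n == plen) {            /* full match, possibly across chunks */
            memcpy(out + o, REP, rlen);
            o += rlen;
            rw->n = 0;
        }
    }
    return o;
}

/* Run segments through one rewriter; a partial match left at end of stream
 * is released unchanged. out is NUL-terminated. */
const char *rewrite_segments(const char **seg, size_t count, char *out)
{
    rewriter rw = {0};
    size_t o = 0;
    for (size_t i = 0; i < count; i++)
        o += rw_feed(&rw, seg[i], strlen(seg[i]), out + o);
    memcpy(out + o, rw.held, rw.n);
    out[o + rw.n] = '\0';
    return out;
}

int main(void)
{
    const char *seg[] = { "hello I li", "ke y", "ou!" };  /* constructed split */
    char out[128];
    puts(rewrite_segments(seg, 3, out));
    return 0;
}
```

For UDP no held state is needed, since each datagram arrives as one whole message. Because the replacement is longer than the original, the rewritten stream has a different length, which is why this kind of edit is done on a proxied connection.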