modifying traffic based on application ID

Hello everyone,

I'm asking whether there is a possible way to modify the packets coming from a specific application, so I could for example rewrite the destination IP and port number, change the payload … etc., and then send them back to the stack!

What about virtual miniports? I could change the routing table to redirect the whole traffic to that virtual miniport, and somehow by checking the PAT on Windows I can figure out which flow, using which source port number, is responsible for which packets? (I think it is impractical.) I need the maximum amount of control out of Windows restrictions, and I know that WFP has a callout way to redirect traffic based on application, but as far as I read here http://msdn.microsoft.com/enus/library/windows/hardware/ff571005(v=vs.85).aspx

it's more about just redirecting. What if I want to change the payload … etc., play with L4, L3 or whatever?

So what I want to do is:

if packets or flow are coming from “Skype”, change destination IP to 1.1.1.1
if packets or flow are coming from “uTorrent”, change destination port to 47777
if packets or flow are coming from “COD call of duty game”, change source port to 9999, destination IP to 105.1.1.1, and change some data in the payload.
… etc.

How could I do that with the maximum amount of control? Hooking tcpip on the applications, to intercept their traffic at sending time before it reaches NDIS? Virtual miniports? LWF?

Thank you in advance.

Look at the Windows Filtering Platform (WFP) facility for application-based
network traffic manipulation. The Windows Driver Kit (WDK) includes some WFP
driver samples.

At the packet level (NDIS LWFs, etc.) there is no application-specific
information. You can filter traffic based on examination of information in
packet headers and modify/drop/replace packets. However, you won’t have
the application ID to help you.

Thomas F. Divine
http://www.pcausa.com

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@gmail.com
Sent: Saturday, February 15, 2014 1:14 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] modifying traffic based on application ID


