Hi all, I am trying to develop a WFP driver which can be used to redirect outgoing TCP connections to a local proxy server. To better understand the different components involved, I tried running WFPSampler project on a new Windows 11 installation:
WFPSampler -clean all
WFPSampler.exe -s PROXY -l FWPM_LAYER_ALE_CONNECT_REDIRECT_V4 -iprp 443 -ipp TCP -pra 127.0.0.1 -prp 8866 -plspid 13220 -v
After running this command, it seems that the WFPSampler service is successfully invoked through RPC:
INFO: ProxyScenarioExecute : RpcInvokeScenarioProxy() [status: 0]
and I can see that the following filter is registered at the ALE_CONNECT_REDIRECT_V4 layer:
Not sure if this is the expected outcome, but I cannot see any traffic being routed to my proxy server (listening locally at port 8866). Outgoing connections seem to work while circumventing the proxy.
I am new to kernel development and not sure how I can further debug this and whether the callout function is ever invoked. I never managed to get TraceView working.
Any pointers would be greatly appreciated.
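One way to confirm what the sample actually installed at the connect-redirect layer, as an added diagnostic script that is not part of the post or of WFPSampler: it exports the live filter set with netsh and lists every filter at FWPM_LAYER_ALE_CONNECT_REDIRECT_V4 with its action, callout key and conditions. It assumes the element names netsh emits in its filters XML (filters/item, filterKey, layerKey, filterCondition, action/calloutKey) and must run from an elevated PowerShell.

```powershell
# Added diagnostic, not code from the original post or the WFPSampler project.
# Lists the WFP filters registered at a given layer so the callout key and
# match conditions can be checked against what the scenario was meant to add.
# Assumption: element names as written by "netsh wfp show filters" (filters/item,
# filterKey, displayData/name, layerKey, filterCondition/item, action/type,
# action/calloutKey). Requires an elevated (administrator) PowerShell.
param(
    [string]$Layer = 'FWPM_LAYER_ALE_CONNECT_REDIRECT_V4',
    [string]$Out   = "$env:TEMP\wfp-filters.xml"
)

# Export the current filter set to an XML file.
netsh wfp show filters file="$Out" | Out-Null
if (-not (Test-Path $Out)) { throw "netsh did not write $Out (not elevated?)" }

[xml]$doc = Get-Content -Path $Out -Raw
# @() keeps a single match from collapsing into a scalar.
$filters = @($doc.filters.item | Where-Object { $_.layerKey -eq $Layer })

if ($filters.Count -eq 0) {
    Write-Warning "No filters at $Layer - the proxy scenario filter was not added."
    return
}

foreach ($f in $filters) {
    # Summarise each condition as fieldKey=value (the value element sits next
    # to the <type> element inside conditionValue).
    $conds = @($f.filterCondition.item | ForEach-Object {
        $valueNode = $_.conditionValue.ChildNodes |
            Where-Object { $_.Name -ne 'type' } | Select-Object -First 1
        "$($_.fieldKey)=$($valueNode.InnerText)"
    })
    [pscustomobject]@{
        Name       = $f.displayData.name
        FilterKey  = $f.filterKey
        Action     = $f.action.type
        CalloutKey = $f.action.calloutKey
        Conditions = ($conds -join ', ')
    }
}
```

If the filter is listed with a callout action but the driver has not registered a callout under that CalloutKey, the classify function cannot run for it; comparing the key against the callouts section of `netsh wfp show state` output is the next thing to check.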