Making a program that intercepts network traffic in Windows

野的像风 2021-02-09 22:37

Sort of what I'm asking is "how to make a software firewall for Windows," but something not so complex. I'm surprised I can find so little when searching for this, only the

3 Answers
  • 2021-02-09 22:55

    The DIY way would be going in kernel mode, using filter-hook drivers (for Windows 2000-XP) or WFP Callout Drivers.

    If you want to let others do the dirty work in kernel-mode, the WinPcap driver/library sports lots of low-level network features, including the ones you need, that you can use from user-mode (notice that using WinPcap you can't drop packets).

  • 2021-02-09 23:05

    I think what you are looking for is a packet sniffer; it will intercept almost all communications over a network. If you want to use a library, check out WinPcap, which was meant for exactly this purpose.

    Also, if you think that you just want something pre-written and just want to modify it, check out Wireshark. Although, reading code is often more difficult than writing it.

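What a user-mode sniffer of the kind the two answers above describe does with each captured frame: bounds-checked decoding of the Ethernet, IPv4 and TCP/UDP headers into a 5-tuple. This is an added example, not code from the answers or from WinPcap; `decode_frame`, `struct flow` and the sample frame are constructed for illustration, and no capture library is called so it runs offline.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical result type for this example: the 5-tuple of one packet. */
struct flow {
    uint8_t  proto;          /* 6 = TCP, 17 = UDP */
    uint8_t  src[4], dst[4]; /* IPv4 addresses, network byte order */
    uint16_t sport, dport;   /* host byte order */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Decode an Ethernet II frame as a capture callback would receive it.
 * Every length field is untrusted wire data, so each is checked before use. */
int decode_frame(const uint8_t *buf, size_t len, struct flow *out)
{
    if (len < 14 + 20) return -1;                  /* Ethernet + minimal IPv4 */
    if (be16(buf + 12) != 0x0800) return -2;       /* EtherType is not IPv4 */
    const uint8_t *ip = buf + 14;
    if ((ip[0] >> 4) != 4) return -2;              /* IP version field */
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;       /* IPv4 header length, bytes */
    if (ihl < 20 || 14 + ihl + 4 > len) return -3; /* bad IHL or ports cut off */
    if (be16(ip + 6) & 0x1fff) return -4;          /* later fragment: no ports */
    out->proto = ip[9];
    if (out->proto != 6 && out->proto != 17) return -5;
    for (int i = 0; i < 4; i++) { out->src[i] = ip[12 + i]; out->dst[i] = ip[16 + i]; }
    out->sport = be16(ip + ihl);
    out->dport = be16(ip + ihl + 2);
    return 0;
}

/* Constructed sample: 192.0.2.10:49152 -> 198.51.100.7:443, TCP SYN.
 * Checksums are left zero; the decoder does not verify them. */
static const uint8_t sample_frame[] = {
    0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x01, 0x08,0x00,               /* Ethernet */
    0x45,0x00,0x00,0x28, 0x00,0x01,0x40,0x00, 0x40,0x06,0x00,0x00,
    192,0,2,10, 198,51,100,7,                                       /* IPv4 */
    0xc0,0x00, 0x01,0xbb, 0,0,0,1, 0,0,0,0, 0x50,0x02,0xff,0xff, 0,0, 0,0
};

int main(void)
{
    struct flow f;
    if (decode_frame(sample_frame, sizeof sample_frame, &f) == 0)
        printf("%u.%u.%u.%u:%u -> %u.%u.%u.%u:%u proto %u\n",
               f.src[0], f.src[1], f.src[2], f.src[3], f.sport,
               f.dst[0], f.dst[1], f.dst[2], f.dst[3], f.dport, f.proto);
    return 0;
}
```

A decoder like this only observes traffic; as the first answer notes, dropping packets needs a kernel-mode filter rather than WinPcap.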
  • 2021-02-09 23:12

    It sounds like what you're looking for is a Winsock Service Provider Interface (SPI) Layered Service Provider (LSP). From what you've said, if you're dealing with Vista or newer, you probably want to implement an instance of the LSP_INSPECTOR class. For older versions of Windows, that class doesn't apply exactly, but the same general idea does. On Vista/7, you set the category (class) for your application with WSCSetApplicationCategory. To install your provider, you fill out a WSAPROTOCOL_INFO structure, then register it by calling WSCInstallProvider.
