NDIS Filter Driver Sample
This sample demonstrates how to develop a Network Driver Interface Specification (NDIS) filter driver for Windows. NDIS filter drivers allow you to intercept, inspect, and modify network packets passing through the network stack. This particular sample focuses on basic packet monitoring and logging.
Features:
- Packet Monitoring: Captures incoming and outgoing network packets.
- Packet Logging: Logs basic information about captured packets to a file.
- Driver Installation: Includes instructions and INF file for driver installation.
- Basic Filtering: Demonstrates how to attach to the network stack.
Sample Code Overview:
The sample project includes the following key components:
- ndisfilter.c: The main source file containing the driver's core logic, including packet handling routines (PacketSendNetPkt, PacketReceiveNetPkt).
- ndisfilter.h: Header file defining structures, constants, and function prototypes.
- makefile: A build script (often used in conjunction with build environments like WDK).
- ndisfilter.inf: The INF file used for installing the driver on Windows.
Key Concepts Demonstrated:
- NDIS Miniport/Filter Driver Model: Understanding the role of filter drivers in the NDIS architecture.
- Packet Handling: Implementing callbacks to process network packets.
- Driver Entry and Unload: Standard driver initialization and cleanup.
- NDIS OIDs: Handling Object Identifiers for driver configuration and status.
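Added example (not code from the sample): a bounds-checked routine that extracts the kind of basic information a packet handler might log from a raw Ethernet/IPv4 frame. The names summarize_frame and pkt_summary and the choice of logged fields are assumptions, and the code is portable user-mode C so the parsing logic can be tested outside the kernel.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical log record; the sample's real log fields are not given on the page. */
typedef struct {
    uint16_t ether_type;
    uint8_t  ip_proto;            /* 0 unless IPv4 */
    uint32_t src_ip, dst_ip;      /* host byte order */
    uint16_t src_port, dst_port;  /* 0 unless TCP/UDP first fragment */
} pkt_summary;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) { return ((uint32_t)rd16(p) << 16) | rd16(p + 2); }

/* Returns 0 on success, -1 if truncated or malformed. Frame bytes are
   untrusted, so every read is preceded by a length check. */
int summarize_frame(const uint8_t *f, size_t len, pkt_summary *out)
{
    if (f == NULL || out == NULL) return -1;
    memset(out, 0, sizeof(*out));
    if (len < 14) return -1;                      /* Ethernet II header */
    out->ether_type = rd16(f + 12);
    if (out->ether_type != 0x0800) return 0;      /* non-IPv4: EtherType only */
    const uint8_t *ip = f + 14;
    size_t ip_len = len - 14;
    if (ip_len < 20 || (ip[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4;      /* length field set by the sender */
    if (ihl < 20 || ihl > ip_len) return -1;      /* reject an IHL past the buffer */
    out->ip_proto = ip[9];
    out->src_ip = rd32(ip + 12);
    out->dst_ip = rd32(ip + 16);
    int first_frag = (rd16(ip + 6) & 0x1FFF) == 0;
    if ((out->ip_proto == 6 || out->ip_proto == 17) && first_frag && ip_len - ihl >= 4) {
        out->src_port = rd16(ip + ihl);           /* TCP and UDP both start with ports */
        out->dst_port = rd16(ip + ihl + 2);
    }
    return 0;
}

/* Constructed sample: UDP 192.0.2.1:12345 -> 192.0.2.2:53 (checksums zeroed). */
static const uint8_t sample_udp[42] = {
    0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x01, 0x08,0x00,
    0x45,0x00,0x00,0x1c, 0x00,0x01,0x00,0x00, 0x40,0x11,0x00,0x00,
    0xc0,0x00,0x02,0x01, 0xc0,0x00,0x02,0x02,
    0x30,0x39,0x00,0x35, 0x00,0x08,0x00,0x00 };

int main(void) { pkt_summary s; return summarize_frame(sample_udp, sizeof sample_udp, &s); }
```

In a kernel-mode filter the same length checks apply before any header field is read, because a malformed frame parsed without them can crash the whole system rather than a single process.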
Prerequisites:
- Windows Driver Kit (WDK) installed.
- A compatible development environment (e.g., Visual Studio with WDK integration).
Getting Started:
- Download the sample code archive.
- Open the solution in Visual Studio.
- Build the driver project for your target architecture (Win32 or x64).
- Follow the instructions in the accompanying documentation (or the README within the sample) to install the driver using the provided INF file.
- Test the driver by sending network traffic and checking the generated log files.