forked from basil00/WinDivert
WinDivert: Windows Packet Divert
steadybit/WinDivert
WinDivert 2.2: Windows Packet Divert
====================================

1. Introduction
---------------

Windows Packet Divert (WinDivert) is a user-mode packet interception
library for Windows 7, Windows 8 and Windows 10. WinDivert enables
user-mode capturing/modifying/dropping of network packets sent to/from
the Windows network stack.

In summary, WinDivert can:

- capture network packets
- filter/drop network packets
- sniff network packets
- (re)inject network packets
- modify network packets

WinDivert can be used to implement user-mode packet filters, sniffers,
firewalls, NATs, VPNs, IDSs, tunneling applications, etc.

WinDivert supports the following features:

- packet interception, sniffing, or dropping modes
- support for loopback (localhost) traffic
- full IPv6 support
- network layer
- simple yet powerful API
- high-level filtering language
- filter priorities
- freely available under the terms of the GNU Lesser General Public
  License (LGPLv3)

For more information see doc/windivert.html

2. Architecture
---------------

The basic architecture of WinDivert is as follows:

                           +-----------------+
                           |                 |
                  +------->|     PROGRAM     |--------+
                  |        | (WinDivert.dll) |        |
                  |        +-----------------+        |
                  |                                   |
    (2a) matching |                                   | (3) re-injected
          packet  |                                   |     packet
                  |                                   |
      [user mode] |                                   |
    ..............|...................................|....................
    [kernel mode] |                                   |
                  |                                   |
                  |        +---------------+          |
                  +--------|               |          +------------------>
      (1) packet           | WinDivert.sys |---------------------------------->
     --------------------->|               |      (2b) non-matching packet
                           +---------------+

The WinDivert.sys driver is installed below the Windows network stack.
The following actions occur:

(1) A new packet enters the network stack and is intercepted by
    WinDivert.sys.

(2a) If the packet matches the PROGRAM-defined filter, it is diverted.
     The PROGRAM can then read the packet using a call to WinDivertRecv().

(2b) If the packet does not match the filter, the packet continues as
     normal.

(3) PROGRAM either drops, modifies, or re-injects the packet. PROGRAM can
    re-inject the (modified) packet using a call to WinDivertSend(). A
    packet that PROGRAM reads but never re-injects is dropped, so a crash
    or hang in PROGRAM is a denial of service for every matching flow.

3. License
----------

WinDivert is dual-licensed under your choice of the GNU Lesser General
Public License (LGPL) Version 3 or the GNU General Public License (GPL)
Version 2. See the LICENSE file for more information.

4. About
--------

Original WinDivert was written by basil. The homepage for WinDivert is:

    https://reqrypt.org/windivert.html

This is a version of WinDivert used for Windows Steadybit extensions.

5. Requirements
---------------

- [Visual Studio 2022](https://learn.microsoft.com/en-us/windows-hardware/drivers/download-the-wdk#download-icon-for-visual-studio-step-1-install-visual-studio-2022)
- [Windows SDK](https://learn.microsoft.com/en-us/windows-hardware/drivers/download-the-wdk#download-icon-for-sdk-step-2-install-sdk)
- [Windows Driver Kit](https://learn.microsoft.com/en-us/windows-hardware/drivers/download-the-wdk#download-icon-for-wdk-step-3-install-wdk)

6. Good to Know
---------------

The test driver certificate must be added to "Trusted Root Certification
Authorities". `certmgr.msc` opens the current user's store; for a
kernel-mode driver, import into the local machine store instead
(`certlm.msc`, or an elevated `certutil -addstore Root [certname].cer`),
and only on a dedicated test machine, since a trusted root accepts
anything signed with that key.

To see if the certificate is well formed use `certutil -dump [certname].cer`.

To check if the .sys file is properly signed use
`signtool verify /pa /v .\[sysname].sys`.

By default Windows does not load test-signed kernel-mode drivers. To
change this, several things must be done:

- Turn off Secure Boot (if you use BitLocker volume encryption, retrieve
  the recovery key beforehand; changing firmware settings can trigger
  recovery).
- In an elevated CLI run `Bcdedit.exe -set TESTSIGNING ON`
  (`bcdedit /set testsigning on` is the equivalent modern spelling).
- Restart the machine.
- The test-signed driver can now be loaded. Windows shows a "Test Mode"
  watermark on the desktop while this is in effect; the machine will load
  any test-signed driver, not just this one, so revert with
  `bcdedit /set testsigning off` when the work is done.
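The steps above, as an added PowerShell script for an elevated prompt on a dedicated test machine. It is not part of the WinDivert project or this fork; the certificate and driver paths are assumptions, and it adds the checks a practitioner wants before flipping test signing: the driver really is signed by the certificate being trusted, and Secure Boot is already off (the reboot would otherwise be wasted).

```powershell
# Added example (not part of WinDivert): prepare a dedicated test machine to
# load a test-signed WinDivert driver. Run from an elevated PowerShell.
# $CertPath and $DriverPath are assumed paths; adjust to your build output.
#Requires -RunAsAdministrator
param(
    [string]$CertPath   = ".\WinDivertTest.cer",              # assumed test certificate
    [string]$DriverPath = ".\x64\Release\WinDivert64.sys"     # assumed driver binary
)

# 1. Inspect the certificate before trusting it (subject, validity, EKU).
certutil -dump $CertPath | Out-Host

# 2. Install into the *local machine* Root store; certmgr.msc only manages the
#    current user's store. Trusted Publishers avoids the PnP install prompt.
$cert = Import-Certificate -FilePath $CertPath -CertStoreLocation Cert:\LocalMachine\Root
Import-Certificate -FilePath $CertPath -CertStoreLocation Cert:\LocalMachine\TrustedPublisher | Out-Null
"Installed test certificate: $($cert.Subject) (thumbprint $($cert.Thumbprint))"

# 3. Verify the driver's Authenticode signature and that its signer is the
#    certificate we just trusted, not some other key.
$sig = Get-AuthenticodeSignature -FilePath $DriverPath
if ($sig.Status -ne 'Valid') {
    throw "Driver signature is $($sig.Status): $($sig.StatusMessage)"
}
if ($sig.SignerCertificate.Thumbprint -ne $cert.Thumbprint) {
    throw "Driver is signed by '$($sig.SignerCertificate.Subject)', not by the test certificate"
}
signtool verify /pa /v $DriverPath     # same check, with the full chain printed

# 4. Test signing is ignored while Secure Boot is on; stop here rather than
#    rebooting for nothing. Confirm-SecureBootUEFI throws on legacy BIOS,
#    which has no Secure Boot at all, so treat that as "off".
$secureBoot = $false
try { $secureBoot = Confirm-SecureBootUEFI } catch { }
if ($secureBoot) {
    throw "Secure Boot is enabled: disable it in firmware first (save the BitLocker recovery key)"
}

# 5. Enable test signing on the current boot entry; a reboot is required.
$state = bcdedit /enum '{current}' | Select-String -Pattern '^testsigning\s+(\w+)'
if ($state -and $state.Matches[0].Groups[1].Value -eq 'Yes') {
    "Test signing already enabled"
} else {
    bcdedit /set testsigning on
    "Test signing enabled; reboot before loading the driver"
}
```

When the driver work is finished, `bcdedit /set testsigning off` followed by a reboot returns the machine to normal code-integrity enforcement; remove the test certificate from `Cert:\LocalMachine\Root` and `Cert:\LocalMachine\TrustedPublisher` at the same time.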
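Returning to the architecture in section 2: the following added example drives the (1), (2a), (3) path from PowerShell through P/Invoke into WinDivert.dll, so the divert/inspect/re-inject loop can be tried without a C toolchain. It is not code from the WinDivert project or this fork. It assumes WinDivert.dll and the matching driver are in the current directory, an elevated shell (the driver is loaded on first open), a WINDIVERT_ADDRESS of 80 bytes with the 2.2 bit layout noted in the comments, and IPv6 packets without extension headers; the filter string and the drop-every-fifth policy are illustrative.

```powershell
# Added example (not part of WinDivert): divert TCP packets to port 8080 with
# WinDivertRecv(), inspect them, and re-inject or drop them with WinDivertSend().
# Assumes WinDivert.dll (+ driver) in the current directory and an elevated shell.
#Requires -RunAsAdministrator

Add-Type -Namespace WinDivert -Name Native -MemberDefinition @'
[DllImport("WinDivert.dll", CharSet = CharSet.Ansi, SetLastError = true)]
public static extern IntPtr WinDivertOpen(string filter, int layer, short priority, ulong flags);
[DllImport("WinDivert.dll", SetLastError = true)]
public static extern bool WinDivertRecv(IntPtr handle, byte[] packet, uint packetLen, out uint recvLen, byte[] addr);
[DllImport("WinDivert.dll", SetLastError = true)]
public static extern bool WinDivertSend(IntPtr handle, byte[] packet, uint packetLen, out uint sendLen, byte[] addr);
[DllImport("WinDivert.dll", SetLastError = true)]
public static extern bool WinDivertClose(IntPtr handle);
'@

$LAYER_NETWORK  = 0                    # WINDIVERT_LAYER_NETWORK
$INVALID_HANDLE = [IntPtr]::new(-1)    # INVALID_HANDLE_VALUE

# Filter language: only TCP with destination port 8080 is diverted (2a);
# everything else passes through the driver untouched (2b).
$filter = 'tcp.DstPort == 8080'        # illustrative filter
$h = [WinDivert.Native]::WinDivertOpen($filter, $LAYER_NETWORK, 0, 0)
if ($h -eq $INVALID_HANDLE) {
    $code = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
    throw "WinDivertOpen failed: $((New-Object ComponentModel.Win32Exception $code).Message)"
}

$packet = New-Object byte[] 65535
$addr   = New-Object byte[] 80         # assumed sizeof(WINDIVERT_ADDRESS) for 2.2
$seen = 0; $dropped = 0
try {
    while ($seen -lt 20) {             # handle 20 packets, then close
        [uint32]$len = 0
        if (-not [WinDivert.Native]::WinDivertRecv($h, $packet, $packet.Length, [ref]$len, $addr)) {
            throw "WinDivertRecv failed"
        }
        $seen++
        # Assumed 2.2 layout: Timestamp(8) Layer(1) Event(1), then a flag byte
        # with bit 1 = Outbound and bit 4 = IPv6 (MSVC packs bitfields LSB first).
        $outbound = ($addr[10] -band 0x02) -ne 0
        $ipv6     = ($addr[10] -band 0x10) -ne 0
        # IPv4 header length comes from IHL; IPv6 is a fixed 40 bytes here
        # (no extension headers assumed). The TCP source port follows.
        $hdrLen  = if ($ipv6) { 40 } else { ($packet[0] -band 0x0F) * 4 }
        $srcPort = ($packet[$hdrLen] -shl 8) -bor $packet[$hdrLen + 1]
        $dir = if ($outbound) { 'out' } else { 'in ' }
        $fam = if ($ipv6) { 'IPv6' } else { 'IPv4' }
        "$dir $fam $len bytes, TCP source port $srcPort"

        # Step (3): the policy decision. Every fifth packet is dropped simply by
        # not re-injecting it; the rest go back unchanged, so no checksum work.
        if ($seen % 5 -eq 0) { $dropped++; continue }
        [uint32]$sent = 0
        if (-not [WinDivert.Native]::WinDivertSend($h, $packet, $len, [ref]$sent, $addr)) {
            throw "WinDivertSend failed"
        }
    }
} finally {
    # Closing the handle removes the filter; anything still queued is released.
    [WinDivert.Native]::WinDivertClose($h) | Out-Null
    "diverted $seen packets, dropped $dropped"
}
```

WinDivertRecv() blocks the PowerShell thread, so the loop only returns when traffic matches the filter; generate some with a connection to port 8080 from another window. Packets that are modified before WinDivertSend() need their checksums recomputed (the library provides WinDivertHelperCalcChecksums() for that), which this passthrough deliberately avoids.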