-
-
[求助]WFP如何抓包 ping baidu.com
-
发表于: 2023-5-12 11:40
-
我想用WFP过滤出我需要的网络访问,过滤回调函数如下
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 | VOID NTAPI classifyFn( _In_ const FWPS_INCOMING_VALUES0* inFixedValues, _In_ const FWPS_INCOMING_METADATA_VALUES0* inMetaValues, _Inout_opt_ void* layerData, _In_opt_ const void* classifyContext, _In_ const FWPS_FILTER* filter, _In_ UINT64 flowContext, _Inout_ FWPS_CLASSIFY_OUT0* classifyOut) { if (layerData != NULL) { DbgPrint("layerData != NULL"); PNET_BUFFER_LIST pNetBufferList = (PNET_BUFFER_LIST)layerData; PNET_BUFFER pFirstBuffer = NET_BUFFER_LIST_FIRST_NB(pNetBufferList); PMDL pMDL = NET_BUFFER_FIRST_MDL(pFirstBuffer); ULONG dataBufferLength = 0; VOID* pData = NULL; while (pMDL) { NdisQueryMdl(pMDL, (PVOID*)&pData, &dataBufferLength, NormalPagePriority); if (pData != NULL) { for (ULONG i = 0; i < pMDL->ByteCount; i++) { DbgPrint("%d == %c", i, ((char*)pData)[i]); } } pMDL = pMDL->Next; } } |
用debugview查看打印结果如下 
求助,百度应该返回的32个字节的数据,为啥我比它返回的多。还有我的代码有什么问题吗?求大神指导,感恩
[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!
