PureBasic Interface to WinDivert

Thunder93
Addict
Posts: 1788
Joined: Tue Mar 21, 2006 12:31 am
Location: Canada

Re: PureBasic Interface to WinDivert

Post by Thunder93 »

Great stuff! Indeed a fun project.

After extraction I went to test an example and it threw link errors because I'm using PB x64. I had to replace \binaries\WinDivert.dll and \binaries\WinDivert.lib with their x64 counterparts. There might be a better way to support two different platforms straight out of the box. With the latest WinDivert release it now searches for the driver files in the application's directory (as opposed to the current directory, as previously).
ʽʽSuccess is almost totally dependent upon drive and persistence. The extra energy required to make another effort or try another approach is the secret of winning.ʾʾ --Dennis Waitley
JHPJHP
Addict
Posts: 2129
Joined: Sat Oct 09, 2010 3:47 am

Re: PureBasic Interface to WinDivert

Post by JHPJHP »

Hi Thunder93,
After extraction I went to test an example and it threw link errors because I'm using PB x64. I had to replace \binaries\WinDivert.dll and \binaries\WinDivert.lib with their x64 counterparts.
Thanks, I knew I forgot to mention something. :)
There might be a better way to support two different platforms straight out of the box. With the latest WinDivert release it now searches for the driver files in the application's directory
Are you referring to the program's application directory or Windows' Application directory? If the former, did you get a working configuration between 32-bit and 64-bit systems OOTB that can be applied to the package?

---------------------------------------------------

Updated:
- added: pb_procedures.pbi (includes\)
-- moved Procedure: TestForError (from examples)
-- added Procedure: URL2IP

I added the Procedure: URL2IP because WinDivert requires the use of IP addresses, and some of the examples stopped working due to a website changing their IP address.
Last edited by JHPJHP on Wed Nov 26, 2014 11:45 pm, edited 1 time in total.
Thunder93
Addict
Posts: 1788
Joined: Tue Mar 21, 2006 12:31 am
Location: Canada

Re: PureBasic Interface to WinDivert

Post by Thunder93 »

With your second update, when I now go to create the required 64-bit start_service executable, there's an error saying that the TestForError() procedure has already been declared. :p

The start_service steps I would like to avoid. When I run wd_sniffing.pb and the WinDivert driver hasn't been loaded, the first WinDivertOpen() call always fails because it's looking for the driver where the compiled executable is created, which is the %Temp% location unless the 'Create temporary executable in the source directory' compiler option is enabled. As a last resort the start_service executable found in the \binaries\ location is used, where it is able to load the WinDivert driver. Then I have to re-run the example again for it to be successful.


.. I haven't done much work with WinDivert, I've been busy with another project. Then I was mostly AFK, outside enjoying the summer weather that has now passed. :evil:
JHPJHP
Addict
Posts: 2129
Joined: Sat Oct 09, 2010 3:47 am

Re: PureBasic Interface to WinDivert

Post by JHPJHP »

Hi Thunder93,

All good suggestions. I moved some things around in the code that should make a difference.

Thank you.

--------------------------------------------------------------

Some minor changes have been made to the package, based on suggestions by Thunder93.

If you haven't already done so, check out the WinDivert site to see its full potential: http://reqrypt.org/windivert.html.
Thunder93
Addict
Posts: 1788
Joined: Tue Mar 21, 2006 12:31 am
Location: Canada

Re: PureBasic Interface to WinDivert

Post by Thunder93 »

That makes a difference. Good job. :)
Thunder93
Addict
Posts: 1788
Joined: Tue Mar 21, 2006 12:31 am
Location: Canada

Re: PureBasic Interface to WinDivert

Post by Thunder93 »

Hi JHPJHP.

The timeSetEvent API is using too small a delay. 9/10 times I can't get the sniffing information.
JHPJHP
Addict
Posts: 2129
Joined: Sat Oct 09, 2010 3:47 am

PureBasic Interface to WinDivert

Post by JHPJHP »

Hi Thunder93,

I'm glad you pointed that out, I originally set the timeout parameter to the lowest value that worked on my system. I've updated all the examples to 3 times the previous value, from 500 milliseconds to 1500, including lowering the resolution from 10 to 0 (most accurate, but highest CPU usage).

Thank you.

--------------------------------------------------------------

For anyone interested in WinDivert

With a slight modification to the examples:
- removing the timeout parameter, adjusting the filter, etc.
- incorporating a service (framework for creating one: http://www.purebasic.fr/english/viewtop ... 12&t=60881)

You'll have the beginnings of a powerful tool.
Last edited by JHPJHP on Tue Nov 11, 2014 2:56 am, edited 7 times in total.
Thunder93
Addict
Posts: 1788
Joined: Tue Mar 21, 2006 12:31 am
Location: Canada

Re: PureBasic Interface to WinDivert

Post by Thunder93 »

I had to up it to 5000 to ensure it'll always capture when running via PB compiler.
JHPJHP
Addict
Posts: 2129
Joined: Sat Oct 09, 2010 3:47 am

Re: PureBasic Interface to WinDivert

Post by JHPJHP »

Hi Thunder93,
I had to up it to 5000 to ensure it'll always capture when running via PB compiler.
The additional information is good. I'm going to leave the timeout at 1500 milliseconds, but I added the following extra lines of information to the readme.txt file.
- adjust an example's timeout parameter if the desired result is not received
-- currently set to 1500 milliseconds: timeSetEvent_(1500, ...)

Thank you.
Last edited by JHPJHP on Fri Nov 21, 2014 5:11 am, edited 1 time in total.
Kwai chang caine
Always Here
Posts: 5342
Joined: Sun Nov 05, 2006 11:42 pm
Location: Lyon - France

Re: PureBasic Interface to WinDivert

Post by Kwai chang caine »

Hello JHPJHP

Thanks for all your precious sharing 8)
I'm on W7 and I have the error message "MSVCR110.dll missing", surely because I'm not administrator? :oops:
The happiness is a road...
Not a destination
JHPJHP
Addict
Posts: 2129
Joined: Sat Oct 09, 2010 3:47 am

Re: PureBasic Interface to WinDivert

Post by JHPJHP »

Hi Kwai chang caine,

You're correct about the required privileges, see the following quote from the WinDivert site:
1. To use WinDivert please ensure that you use the correct version (i.e. 32-bit WinDivert for 32-bit system, etc.) and that you are running with Administrator privileges. Otherwise WinDivert will fail to load.
2. As of version 1.0.4, the binary WinDivert drivers are signed by Nemea Mjukvaruutveckling (Nemea Software Development). We thank Nemea for their support. Commercial users of WinDivert should sign the driver with their own certificate if possible.
3. The WinDivert.dll and sample executables depend on an appropriate version of the Microsoft Visual C++ Redistributable library. For example, the MSVC WinDivert build depends on MSVCR110.dll. This file is not distributed as part of the WinDivert binary package and must be installed separately.
NB*: I've already included the Microsoft Visual C++ Redistributable: binaries/msvcr120.dll.

Thank you.
JHPJHP
Addict
Posts: 2129
Joined: Sat Oct 09, 2010 3:47 am

Re: PureBasic Interface to WinDivert

Post by JHPJHP »

For anyone interested in WinDivert

With a slight modification to the examples:
- removing the timeout parameter, adjusting the filter, etc.
- incorporating a service (framework for creating one: http://www.purebasic.fr/english/viewtop ... 12&t=60881)

You'll have the beginnings of a powerful tool.
Updated:
- added folder: services
-- CreateDeleteService.pb
-- WinDivertBlockHTTP_EXE.pb
-- WinDivertService_EXE.pb
- added: WinDivertBlockHTTP.exe (located in: binaries\)
- added: WinDivertService.exe (located in: binaries\)

*** The new scripts are an amalgamation of WinDivert and some of the other "Tricks 'n' Tips" I've uploaded. ***

Information:
- WinDivertBlockHTTP_EXE.pb : WinDivertBlockHTTP.exe
-- file used by Windows services to block all http sites (encrypted: https sites not affected)
- WinDivertService_EXE.pb : WinDivertService.exe
-- file used by Windows services to execute: WinDivertBlockHTTP.exe

Run the file: services/CreateDeleteService.pb to create / delete the service: WinDivertBlockHTTP. Once the service has been created, all non-encrypted sites should be blocked.
- when creating the service choose the file: binaries/WinDivertService.exe
- run the file a second time to delete the service


NB*: I've only tested the Windows services part of the package using PureBasic 32bit / Windows 7 64bit.
Last edited by JHPJHP on Wed Nov 26, 2014 11:46 pm, edited 2 times in total.
Kwai chang caine
Always Here
Posts: 5342
Joined: Sun Nov 05, 2006 11:42 pm
Location: Lyon - France

Re: PureBasic Interface to WinDivert

Post by Kwai chang caine »

Thanks for your answer and obviously for all your great work on the different subjects 8)
JHPJHP
Addict
Posts: 2129
Joined: Sat Oct 09, 2010 3:47 am

PureBasic Interface to WinDivert

Post by JHPJHP »

Hi Kwai chang caine,

Thank you for your kind words.

---------------------------------------------------------------

Applied some updates to the code, including renaming some files.
- fixed a couple small things not worth mentioning

Updated the file: WinDivertBlockHTTP_EXE.pb (WinDivertBlockHTTP.exe).
- added a logging algorithm (includes a sound)
-- packet-data taken directly from the example: wd_sniffing.pb
-- saves packet information if 5 or more seconds have passed since the last connection attempt
-- log file saved to the folder/file: services/BlockedSites.txt

I added the logging algorithm because in the past I've used a program that monitored hidden outgoing connections that occurred without user interaction, and wondered if this simple example could catch such connections.
- the filter can be widened to include additional ports, etc., but for what I was trying to accomplish it worked

Code:

filter.s = "outbound && ip && tcp.DstPort == 80 && tcp.PayloadLength > 0"
---------------------------------------------------------------

Updated the file: WinDivertBlockHTTP_EXE.pb (WinDivertBlockHTTP.exe).
- added a timeout function to test the service status; otherwise, when the service was deleted, the file WinDivertBlockHTTP.exe wouldn't know to quit until a website was loaded
-- function: WinDivertRecv holds execution until a packet is received
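As an added illustration (not code from the PureBasic package or from WinDivert), the following Python models the WinDivertBlockHTTP behaviour described in the last two posts: the page's filter string is evaluated against constructed packet summaries, a matched packet is consumed rather than reinjected (which is what blocks the HTTP request), and a log line is produced only when 5 or more seconds have passed since the last logged attempt. The Packet type, its timestamps and its addresses are constructed for the example; nothing here talks to the driver.

```python
import operator
from dataclasses import dataclass

FILTER = "outbound && ip && tcp.DstPort == 80 && tcp.PayloadLength > 0"
LOG_INTERVAL_S = 5  # the post: log only if 5 or more seconds passed since the last attempt
_OPS = {"==": operator.eq, "!=": operator.ne, ">": operator.gt, "<": operator.lt}

@dataclass
class Packet:
    """Constructed packet summary; field names follow the WinDivert filter language."""
    ts: float        # capture time in seconds (constructed, not a real timestamp)
    outbound: bool
    ip: bool
    tcp: bool
    dst_port: int
    payload_len: int
    dst_ip: str

    def field(self, name):
        return {"outbound": self.outbound, "ip": self.ip, "tcp": self.tcp,
                "tcp.DstPort": self.dst_port,
                "tcp.PayloadLength": self.payload_len}[name]

def matches(filter_str, pkt):
    """Evaluate the conjunction-only subset of WinDivert filters used on this page."""
    for term in (t.strip() for t in filter_str.split("&&")):
        parts = term.split()
        if len(parts) == 1:                    # bare flag such as "outbound"
            if not pkt.field(parts[0]):
                return False
        elif len(parts) == 3 and parts[1] in _OPS:
            if not _OPS[parts[1]](pkt.field(parts[0]), int(parts[2])):
                return False
        else:
            raise ValueError("unsupported filter term: " + term)
    return True

def run_blocker(packets, filter_str=FILTER):
    """Return (dropped, log_lines): matched packets are consumed and never reinjected
    (the request is blocked); a log line is written only after the throttle interval."""
    dropped, log_lines, last_log = [], [], None
    for pkt in packets:
        if not matches(filter_str, pkt):
            continue                           # driver would not divert it
        dropped.append(pkt)
        if last_log is None or pkt.ts - last_log >= LOG_INTERVAL_S:
            log_lines.append(f"{pkt.ts:.0f}s blocked HTTP to {pkt.dst_ip}:{pkt.dst_port}")
            last_log = pkt.ts
    return dropped, log_lines
```

Note that a pure SYN or ACK to port 80 carries no payload, so the `tcp.PayloadLength > 0` term leaves the handshake alone and only the request itself is diverted, which is why the service's WinDivertRecv call blocks until a site is actually loaded.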