 Post subject: PureBasic Interface to WinDivert
PostPosted: Mon Nov 03, 2014 7:18 pm 
Joined: Sat Oct 09, 2010 3:47 am
Posts: 1224
Download: PureBasic Interface to WinDivert
- self-contained package, includes everything needed to run the examples

-----------------------------------------------------------------------------------

WinDivert samples converted to PureBasic: http://www.purebasic.fr/english/viewtopic.php?f=12&t=60965&hilit=windivert
- provided by Thunder93 who also contributed to this release

-----------------------------------------------------------------------------------

MY OTHER Tricks 'n' Tips
PureBasic Interface to OpenCV
PureBasic Interface to UnRAR (WinRAR)
PureBasic Interface to SevenZip (7-zip)
PureBasic Interface to ImDisk
Services, Stuff, and Shellhook
Embed JS Framework into PureBasic
LSB (Least Significant Bit) File Embedding
Spider Web Drawing
Image Waves
Geolocation via WebGadget
Barcode Generator
Comic Book / Magnifying Glass
GIF Toolkit
VfW (Video for Windows)
Alternate Console
Network Share Management Functions

-----------------------------------------------------------------------------------

TESTED
- Windows 7, Windows 8, Windows 10

INCLUDED
- PureBasic 5.24 / 5.42 LTS (x86/x64)
-- 15 examples (x86 / x64), 5 htm files, 6 includes (2 data sections), windivert.ico, readme.txt

- WinDivert v1.2.0 RC (WDDK): http://reqrypt.org/windivert.html
-- WinDivert.dll (x86 / x64), WinDivert.lib (x86 / x64), WinDivert32.sys, WinDivert64.sys
-- windivert.html, windivert.h, windivert_device.h, windivert_dll.c, windivert_sys.c, license.txt
-- netdump.c, netfilter.c, passthru.c, webfilter.c
-- netdump.exe, netfilter.exe, passthru.exe, webfilter.exe (x86 / x64)

-----------------------------------------------------------------------------------

EXAMPLES
- wd_app_session.pb
-- creates an HTTP block or redirect session
-- threads are used to manage a session controlled from a GUI

- wd_block.pb
-- blocks a website displaying a default message
-- includes a redundant process timer to disconnect WinDivert

- wd_htmdata1.pb and wd_htmdata2.pb
-- loads and injects packets from a data section
-- calculates the total packet size to determine the last packet
-- includes a redundant process timer to disconnect WinDivert

- wd_htmfile1.pb to wd_htmfile4.pb
-- loads and injects packets from an htm file
-- calculates the total packet size to determine the last packet
-- includes a redundant process timer to disconnect WinDivert

- wd_inflate.pb
-- inflates a website with the help of zlib
-- includes a redundant deflate / inflate to prove out the process
-- calculates the total packet size to determine the last packet
-- includes a redundant process timer to disconnect WinDivert
-- debug is needed (defaulted) to view the inflated source

- wd_redirect.pb
-- redirects a website
-- includes a process timer to disconnect WinDivert

- wd_replace1.pb to wd_replace4.pb
-- replaces and injects packets with the help of zLib
-- calculates the total packet size to determine the last packet
-- includes a redundant process timer to disconnect WinDivert

- wd_sniffing.pb
-- sniffs various packet data converting it to a readable format
-- quits after receiving a Fin packet followed by an Ack packet
-- includes a redundant process timer to disconnect WinDivert
-- debug is needed (defaulted) to view the packet information

NOTES
- wd_app_session.pb
-- Use Icon: binaries\windivert.ico
-- Create unicode executable: checked
-- Create threadsafe executable: checked
-- Enable modern theme support (for Windows XP and above): checked
-- Request Administrator mode for Windows Vista and above: checked
-- Compiler Options--Compile/Run--Current directory: binaries\x86 || binaries\x64

- Examples
-- Create unicode executable: checked
-- Request Administrator mode for Windows Vista and above: checked
-- Compiler Options--Compile/Run--Current directory: binaries\x86 || binaries\x64

-----------------------------------------------------------------------------------

*** The following can affect an example's intended result ***
- HSTS protocol, browser type, compression method / transfer encoding, HTTP redirection


Last edited by JHPJHP on Tue Feb 28, 2017 2:14 am, edited 122 times in total.

 Post subject: Re: PureBasic Interface to WinDivert
PostPosted: Tue Nov 04, 2014 6:01 am 
Joined: Tue Mar 21, 2006 12:31 am
Posts: 1720
Location: Canada
Great stuff! Indeed a fun project.

After extraction I went to test an example and it threw link errors because I'm using PB x64. I had to replace \binaries\WinDivert.dll and \binaries\WinDivert.lib with their x64 counterparts. There might be a better way to support two different platforms straight out of the box. With WinDivert's latest release, it now searches for the driver files in the application's directory (as opposed to the current directory, like previously).

_________________
ʽʽSuccess is almost totally dependent upon drive and persistence. The extra energy required to make another effort or try another approach is the secret of winning.ʾʾ --Dennis Waitley


 Post subject: Re: PureBasic Interface to WinDivert
PostPosted: Tue Nov 04, 2014 9:46 am 
Joined: Sat Oct 09, 2010 3:47 am
Posts: 1224
Hi Thunder93,

Quote:
After extraction I went to test an example and it threw link errors because I'm using PB x64. I had to replace \binaries\WinDivert.dll and \binaries\WinDivert.lib with their x64 counterparts.

Thanks, I knew I forgot to mention something. :)

Quote:
There might be a better way to support two different platforms straight out of the box. With WinDivert's latest release, it now searches for the driver files in the application's directory

Are you referring to the program's application directory or Windows' Application directory? If the former - did you get a working configuration between 32bit and 64bit systems OOTB that can be applied to the package?

---------------------------------------------------

Updated:
- added: pb_procedures.pbi (includes\)
-- moved Procedure: TestForError (from examples)
-- added Procedure: URL2IP

I added the Procedure: URL2IP because WinDivert requires the use of IP addresses, and some of the examples stopped working due to a website changing their IP address.


Last edited by JHPJHP on Wed Nov 26, 2014 11:45 pm, edited 1 time in total.

 Post subject: Re: PureBasic Interface to WinDivert
PostPosted: Tue Nov 04, 2014 11:44 pm 
Joined: Tue Mar 21, 2006 12:31 am
Posts: 1720
Location: Canada
With your second update, when I now go to create the required 64bit start_service executable, there's an error saying that the TestForError() procedure has already been declared. :p

I would like to avoid the start_service steps. When I run wd_sniffing.pb and the WinDivert driver hasn't been loaded, the first WinDivertOpen() call always fails because it's looking for the driver where the compiled executable is created, which is the %Temp% location unless the 'Create temporary executable in the source directory' compiler option is enabled. As a last resort, the start_service executable found in the \binaries\ location is used, where it is able to load the WinDivert driver. Then I have to re-run the example for it to be successful.


.. I haven't done much work with WinDivert, been busy with another project. Then I was out AFK mostly, outside enjoying summer weather that has now passed. :evil:

 Post subject: Re: PureBasic Interface to WinDivert
PostPosted: Wed Nov 05, 2014 12:34 am 
Joined: Sat Oct 09, 2010 3:47 am
Posts: 1224
Hi Thunder93,

All good suggestions. I moved some things around in the code that should make a difference.

Thank you.

--------------------------------------------------------------

Some minor changes have been made to the package, based on suggestions by Thunder93.

If you haven't already done so, check out the WinDivert site to see its full potential: http://reqrypt.org/windivert.html.


 Post subject: Re: PureBasic Interface to WinDivert
PostPosted: Wed Nov 05, 2014 12:53 am 
Joined: Tue Mar 21, 2006 12:31 am
Posts: 1720
Location: Canada
That makes a difference. Good job. :)

 Post subject: Re: PureBasic Interface to WinDivert
PostPosted: Thu Nov 06, 2014 3:43 am 
Joined: Tue Mar 21, 2006 12:31 am
Posts: 1720
Location: Canada
Hi JHPJHP.

The timeSetEvent API is using too small of a delay. 9/10 times I can't get the sniffing information.

 Post subject: PureBasic Interface to WinDivert
PostPosted: Thu Nov 06, 2014 4:11 am 
Joined: Sat Oct 09, 2010 3:47 am
Posts: 1224
Hi Thunder93,

I'm glad you pointed that out; I originally set the timeout parameter to the lowest value that worked on my system. I've updated all the examples to 3 times the previous value, from 500 milliseconds to 1500, including lowering the resolution from 10 to 0 (most accurate, but highest CPU usage).

Thank you.

--------------------------------------------------------------

For anyone interested in WinDivert

With a slight modification to the examples:
- removing the timeout parameter, adjusting the filter, etc.
- incorporating a service (framework for creating one: http://www.purebasic.fr/english/viewtopic.php?f=12&t=60881)

You'll have the beginnings of a powerful tool.


Last edited by JHPJHP on Tue Nov 11, 2014 2:56 am, edited 7 times in total.

 Post subject: Re: PureBasic Interface to WinDivert
PostPosted: Thu Nov 06, 2014 4:25 am 
Joined: Tue Mar 21, 2006 12:31 am
Posts: 1720
Location: Canada
I had to up it to 5000 to ensure it'll always capture when running via PB compiler.

 Post subject: Re: PureBasic Interface to WinDivert
PostPosted: Thu Nov 06, 2014 11:28 pm 
Joined: Sat Oct 09, 2010 3:47 am
Posts: 1224
Hi Thunder93,

Quote:
I had to up it to 5000 to ensure it'll always capture when running via PB compiler.

The additional information is good. I'm going to leave the timeout at 1500 milliseconds, but I added the following extra lines of information to the readme.txt file.
- adjust an example's timeout parameter if the desired result is not received
-- currently set to 1500 milliseconds: timeSetEvent_(1500, ...)

Thank you.


Last edited by JHPJHP on Fri Nov 21, 2014 5:11 am, edited 1 time in total.

 Post subject: Re: PureBasic Interface to WinDivert
PostPosted: Fri Nov 07, 2014 10:46 am 
Joined: Sun Nov 05, 2006 11:42 pm
Posts: 3750
Location: Lyon - France
Hello JHPJHP

Thanks for all your precious sharing 8)
I'm on W7 and I have the error message "MSVCR110.dll missing", surely because I'm not an administrator? :oops:

_________________
The happiness is a road...
Not a destination


 Post subject: Re: PureBasic Interface to WinDivert
PostPosted: Fri Nov 07, 2014 11:26 pm 
Joined: Sat Oct 09, 2010 3:47 am
Posts: 1224
Hi Kwai chang caine,

You're correct about the required privileges, see the following quote from the WinDivert site:
Quote:
1. To use WinDivert please ensure that you use the correct version (i.e. 32-bit WinDivert for 32-bit system, etc.) and that you are running with Administrator privileges. Otherwise WinDivert will fail to load.
2. As of version 1.0.4, the binary WinDivert drivers are signed by Nemea Mjukvaruutveckling (Nemea Software Development). We thank Nemea for their support. Commercial users of WinDivert should sign the driver with their own certificate if possible.
3. The WinDivert.dll and sample executables depend on an appropriate version of the Microsoft Visual C++ Redistributable library. For example, the MSVC WinDivert build depends on MSVCR110.dll. This file is not distributed as part of the WinDivert binary package and must be installed separately.

NB*: I've already included the Microsoft Visual C++ Redistributable: binaries/msvcr120.dll.

Thank you.


 Post subject: Re: PureBasic Interface to WinDivert
PostPosted: Tue Nov 11, 2014 2:41 am 
Joined: Sat Oct 09, 2010 3:47 am
Posts: 1224
Quote:
For anyone interested in WinDivert

With a slight modification to the examples:
- removing the timeout parameter, adjusting the filter, etc.
- incorporating a service (framework for creating one: viewtopic.php?f=12&t=60881)

You'll have the beginnings of a powerful tool.

Updated:
- added folder: services
-- CreateDeleteService.pb
-- WinDivertBlockHTTP_EXE.pb
-- WinDivertService_EXE.pb
- added: WinDivertBlockHTTP.exe (located in: binaries\)
- added: WinDivertService.exe (located in: binaries\)

*** The new scripts are an amalgamation of WinDivert and some of the other "Tricks 'n' Tips" I've uploaded. ***

Information:
- WinDivertBlockHTTP_EXE.pb : WinDivertBlockHTTP.exe
-- file used by Windows services to block all http sites (encrypted: https sites not affected)
- WinDivertService_EXE.pb : WinDivertService.exe
-- file used by Windows services to execute: WinDivertBlockHTTP.exe

Run the file: services/CreateDeleteService.pb to create / delete the service: WinDivertBlockHTTP. Once the service has been created, all non-encrypted sites should be blocked.
- when creating the service choose the file: binaries/WinDivertService.exe
- run the file a second time to delete the service


NB*: I've only tested the Windows services part of the package using PureBasic 32bit / Windows 7 64bit.


Last edited by JHPJHP on Wed Nov 26, 2014 11:46 pm, edited 2 times in total.

 Post subject: Re: PureBasic Interface to WinDivert
PostPosted: Wed Nov 12, 2014 10:52 am 
Joined: Sun Nov 05, 2006 11:42 pm
Posts: 3750
Location: Lyon - France
Thanks for your answer and obviously for all your great work on the different subjects 8)

 Post subject: PureBasic Interface to WinDivert
PostPosted: Thu Nov 13, 2014 3:00 am 
Joined: Sat Oct 09, 2010 3:47 am
Posts: 1224
Hi Kwai chang caine,

Thank you for your kind words.

---------------------------------------------------------------

Applied some updates to the code, including renaming some files.
- fixed a couple small things not worth mentioning

Updated the file: WinDivertBlockHTTP_EXE.pb (WinDivertBlockHTTP.exe).
- added a logging algorithm (includes a sound)
-- packet-data taken directly from the example: wd_sniffing.pb
-- saves packet information if 5 or more seconds have passed since the last connection attempt
-- log file saved to the folder/file: services/BlockedSites.txt

I added the logging algorithm because in the past I've used a program that monitored hidden outgoing connections that occurred without user interaction, and wondered if this simple example could catch such connections.
- the filter can be widened to include additional ports, etc., but for what I was trying to accomplish it worked
Code:
filter.s = "outbound && ip && tcp.DstPort == 80 && tcp.PayloadLength > 0"

---------------------------------------------------------------

Updated the file: WinDivertBlockHTTP_EXE.pb (WinDivertBlockHTTP.exe).
- added a timeout function to test the service status, otherwise when the service was deleted the file WinDivertBlockHTTP.exe wouldn't know to quit until a website was loaded
-- function: WinDivertRecv holds execution until a packet is received
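
The filter and the 5-second logging rule from the post above, as an added C example that is not part of the original post or the package (C because WinDivert's own samples are C). All function names are hypothetical; it assumes the captured buffer starts at the IPv4 header and that every attempt, logged or not, restarts the 5-second quiet period.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define QUIET_SECONDS 5 /* post: log if 5 or more seconds since the last attempt */
/* User-space mirror of "ip && tcp.DstPort == 80 && tcp.PayloadLength > 0".
   Returns 1 on a match and copies the Host header value ("" if absent). */
int http_host(const uint8_t *pkt, size_t len, char *host, size_t cap) {
    if (cap == 0 || len < 20 || (pkt[0] >> 4) != 4 || pkt[9] != 6) return 0;
    size_t ihl = (size_t)(pkt[0] & 0x0F) * 4, total = ((size_t)pkt[2] << 8) | pkt[3];
    if (ihl < 20 || total > len || total < ihl + 20) return 0; /* malformed or cut */
    const uint8_t *tcp = pkt + ihl;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;
    if (doff < 20 || ihl + doff >= total) return 0;            /* no TCP payload */
    if (((tcp[2] << 8) | tcp[3]) != 80) return 0;              /* not port 80 */
    const char *p = (const char *)tcp + doff;
    size_t n = total - ihl - doff, i, k = 0;
    for (i = 0; i + 5 <= n; i++) {
        if ((i && p[i - 1] != '\n') || strncasecmp(p + i, "Host:", 5)) continue;
        for (i += 5; i < n && p[i] == ' '; i++) {}
        while (i < n && p[i] != '\r' && p[i] != '\n' && k + 1 < cap) host[k++] = p[i++];
        break;
    }
    host[k] = '\0';
    return 1;
}

/* Returns 1 when this attempt should be logged; *last (-1 = none) is always updated. */
int should_log(long now, long *last) {
    int log = (*last < 0) || (now - *last >= QUIET_SECONDS);
    *last = now;
    return log;
}

/* Builds a constructed IPv4/TCP sample packet (checksums left at zero). */
size_t make_packet(uint8_t *buf, uint16_t dport, const char *payload) {
    size_t plen = strlen(payload), total = 40 + plen;
    memset(buf, 0, 40);
    buf[0] = 0x45; buf[2] = (uint8_t)(total >> 8); buf[3] = (uint8_t)total;
    buf[9] = 6; buf[32] = 0x50;          /* protocol TCP, data offset 5 words */
    buf[22] = (uint8_t)(dport >> 8); buf[23] = (uint8_t)dport;
    memcpy(buf + 40, payload, plen);
    return total;
}

int main(void) {
    uint8_t pkt[256]; char host[64]; long last = -1, times[] = {100, 102, 110};
    size_t n = make_packet(pkt, 80, "GET / HTTP/1.1\r\nHost: example.test\r\n\r\n");
    for (int i = 0; i < 3; i++)          /* constructed arrival times, in seconds */
        if (http_host(pkt, n, host, sizeof host) && should_log(times[i], &last))
            printf("t=%ld blocked HTTP request to %s\n", times[i], host);
    return 0;
}
```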

