PureBasic Interface to WinDivert

[JHPJHP]

-----------------------------------------------------------------------------------

Download PureBasic Interface to WinDivert from My PureBasic Stuff

-----------------------------------------------------------------------------------

WinDivert samples converted to PureBasic: http://www.purebasic.fr/english/viewtop ... =windivert
- provided by Thunder93 who also contributed to this release

-----------------------------------------------------------------------------------

Announcements
PureBasic Interface to OpenCV
PureBasic Interface to WinDivert
PureBasic Interface to WinRAR
PureBasic Interface to 7-Zip
PureBasic Interface to ImDisk
Windows Services & Other Stuff
Invading Space Aliens
Death Star vs Asteroids
GIF Toolkit
LSB Image Steganography
Spider Web Drawing
Deform Image: MLS
Video Snipping Tool
Chromium WebGadget
IAccessible Interface
Stitch Images: SIFT
OldSkool Fire Effect
Image Waves: LUT
YouTube Player & Downloader
MP4 Player & Downloader
Large Image Viewer
Barcode Generator
Google Translate Service
Embed JS into PureBasic
Geolocation: Google Maps
Book & Viewer & Magnify
Video for Windows: VfW
Alternate Console
Network Share Management

-----------------------------------------------------------------------------------

INCLUDED
- 8 examples, 2 htm files, 5 includes (1 data section)
- windivert.ico, readme.txt

- WinDivert v1.4.2 ( WDDK ): http://reqrypt.org/windivert.html
-- WinDivert.dll, WinDivert.lib, WinDivert32.sys, WinDivert64.sys
-- windivert.html, windivert.h, windivert_device.h, windivert_dll.c, windivert_sys.c, license.txt
-- netdump.c, netfilter.c, passthru.c, streamdump.c, webfilter.c
-- netdump.exe, netfilter.exe, passthru.exe, streamdump.exe, webfilter.exe

-----------------------------------------------------------------------------------

EXAMPLES
- wd_app_session.pb
-- creates an HTTP block or redirect session
-- threads are used to manage a session controlled from a GUI

- wd_block.pb
-- blocks a website displaying a default message
-- includes a redundant process timer to disconnect WinDivert

- wd_htmdata.pb
-- loads and injects packets from a data section
-- calculates the total packet size to determine the last packet
-- includes a redundant process timer to disconnect WinDivert

- wd_htmfile.pb
-- loads and injects packets from an htm file
-- calculates the total packet size to determine the last packet
-- includes a redundant process timer to disconnect WinDivert

- wd_inflate.pb (removed)
-- inflates a website with the help of zlib
-- includes a redundant deflate / inflate to prove out the process
-- calculates the total packet size to determine the last packet
-- includes a redundant process timer to disconnect WinDivert
-- debug is needed (defaulted) to view the inflated source

- wd_redirect.pb
-- redirects a website
-- includes a process timer to disconnect WinDivert

- wd_replace.pb (removed)
-- replaces and injects packets with the help of zLib
-- calculates the total packet size to determine the last packet
-- includes a redundant process timer to disconnect WinDivert

- wd_sniffing.pb
-- sniffs various packet data converting it to a readable format
-- quits after receiving a Fin packet followed by an Ack packet
-- includes a redundant process timer to disconnect WinDivert
-- debug is needed (defaulted) to view the packet information

NOTES
- wd_app_session.pb
-- Create threadsafe executable: checked
-- Request Administrator mode for Windows Vista and above: checked
-- Compiler Options--Compile/Run--Current directory: binaries\x86 || binaries\x64

- Examples
-- Request Administrator mode for Windows Vista and above: checked
-- Compiler Options--Compile/Run--Current directory: binaries\x86 || binaries\x64

-----------------------------------------------------------------------------------

*** The following can affect an examples intended result ***
- HSTS protocol, browser type, compression method / transfer encoding, HTTP redirection

[Thunder93]

Great stuff! Indeed a fun project.

After extraction I went to test an example and it thrown link errors because I'm using PB x64. I had to replace \binaries\WinDivert.dll and \binaries\WinDivert.lib with its x64 counterparts. Might be better way to support two different platforms straight out of the box. With WinDivert latest release.. it now searches for the driver files in the application's directory (as opposed to the current directory .. like previously).

[JHPJHP]

Hi Thunder93,

After extraction I went to test an example and it thrown link errors because I'm using PB x64. I had to replace \binaries\WinDivert.dll and \binaries\WinDivert.lib with its x64 counterparts.

Thanks, I knew I forgot to mention something.

Might be better way to support two different platforms straight out of the box. With WinDivert latest release.. it now searches for the driver files in the application's directory

Are you referring to the programs application directory or Windows' Application directory? If the former - did you get a working configuration between 32bit and 64bit systems OOTB that can be applied to the package?

---------------------------------------------------

Updated:
- added: pb_procedures.pbi (includes\)
-- moved Procedure: TestForError (from examples)
-- added Procedure: URL2IP

I added the Procedure: URL2IP because WinDivert requires the use of IP addresses, and some of the examples stopped working due to a website changing their IP address.

[Thunder93]

With your second update. When I now go to create the required 64bit start_service executable, there's a error saying that TestForError() procedure has already been declared. :p

The start_service steps I would like to avoid. When I run wd_sniffing.pb and if the WinDivert driver hasn't been loaded. The first WinDivertOpen() call always fails because it's looking for the driver where the compiled executable is created. Which is %Temp% location unless 'Create temporary executable in the source directory' compiler option is enabled. As a last resort the start_service executable found in \binaries\ location is used where it is able to load WinDivert driver. Then have to re-run the example again for it to be successful.


.. I haven't done much work with WinDivert, been busy with another project. Then I was out AFK mostly, outside enjoying summer weather that has now passed.

[JHPJHP]

Hi Thunder93,

All good suggestions. I moved some things around in the code that should make a difference.

Thank you.

--------------------------------------------------------------

Some minor changes have been made to the package, based on suggestions by Thunder93.

If you haven't already done so, check out the WinDivert site to see its full potential: http://reqrypt.org/windivert.html.

[Thunder93]

That makes a difference. Good job.

[Thunder93]

Hi JHPJHP.

The timeSetEvent API is using too small of a delay. 9/10 times I can't get the sniffing information.

[JHPJHP]

Hi Thunder93,

I'm glad you pointed that out, I originally set the timeout parameter to the lowest value that worked on my system. I've updated all the examples to 3 times the previous value, from 500 milliseconds to 1500, including lowering the resolution from 10 to 0 (most accurate, but highest CPU usage).

Thank you.

--------------------------------------------------------------

For anyone interested in WinDivert

With a slight modification to the examples:
- removing the timeout parameter, adjusting the filter, etc.
- incorporating a service (framework for creating one: http://www.purebasic.fr/english/viewtop ... 12&t=60881)

You'll have the beginnings of a powerful tool.

[Thunder93]

I had to up it to 5000 to ensure it'll always capture when running via PB compiler.

[JHPJHP]

Hi Thunder93,

I had to up it to 5000 to ensure it'll always capture when running via PB compiler.

The additional information is good. I'm going to leave the timeout at 1500 milliseconds, but I added the following extra lines of information to the readme.txt file.
- adjust an examples timeout parameter if the desired result in not received
-- currently set to 1500 milliseconds: timeSetEvent_(1500, ...)

Thank you.

[Kwai chang caine]

Hello JHPJHP

Thanks for all your precious sharing
I'm on W7 and i have the msg error "MSVCR110.ddl missing" surely because i'm not administrator ?

[JHPJHP]

Hi Kwai chang caine,

You're correct about the required privileges, see the following quote from the WinDivert site:

1. To use WinDivert please ensure that you use the correct version (i.e. 32-bit WinDivert for 32-bit system, etc.) and that you are running with Administrator privileges. Otherwise WinDivert will fail to load.
2. As of version 1.0.4, the binary WinDivert drivers are signed by Nemea Mjukvaruutveckling (Nemea Software Development). We thank Nemea for their support. Commercial users of WinDivert should sign the driver with their own certificate if possible.
3. The WinDivert.dll and sample executables depend on an appropriate version of the Microsoft Visual C++ Redistributable library. For example, the MSVC WinDivert build depends on MSVCR110.dll. This file is not distributed as part of the WinDivert binary package and must be installed separately.

NB*: I've already included the Microsoft Visual C++ Redistributable: binaries/msvcr120.dll.

Thank you.

[JHPJHP]

For anyone interested in WinDivert

With a slight modification to the examples:
- removing the timeout parameter, adjusting the filter, etc.
- incorporating a service (framework for creating one: http://www.purebasic.fr/english/viewtop ... 12&t=60881)

You'll have the beginnings of a powerful tool.

Updated:
- added folder: services
-- CreateDeleteService.pb
-- WinDivertBlockHTTP_EXE.pb
-- WinDivertService_EXE.pb
- added: WinDivertBlockHTTP.exe (located in: binaries\)
- added: WinDivertService.exe (located in: binaries\)

*** The new scripts are an amalgamation of WinDivert and some of the other "Tricks 'n' Tips" I've uploaded. ***

Information:
- WinDivertBlockHTTP_EXE.pb : WinDivertBlockHTTP.exe
-- file used by Windows services to block all http sites (encrypted: https sites not affected)
- WinDivertService_EXE.pb : WinDivertService.exe
-- file used by Windows services to execute: WinDivertBlockHTTP.exe

Run the file: services/CreateDeleteService.pb to create / delete the service: WinDivertBlockHTTP. Once the service has been created, all non-encrypted sites should be blocked.
- when creating the service choose the file: binaries/WinDivertService.exe
- run the file a second time to delete the service

NB*: I've only tested the Windows services part of the package using PureBasic 32bit / Windows 7 64bit.

[Kwai chang caine]

Thanks for your answer and obviously for all your great works in the differents subjects

[JHPJHP]

Hi Kwai chang caine,

Thank you for your kind words.

---------------------------------------------------------------

Applied some updates to the code, including renaming some files.
- fixed a couple small things not worth mentioning

Updated the file: WinDivertBlockHTTP_EXE.pb (WinDivertBlockHTTP.exe).
- added a logging algorithm (includes a sound)
-- packet-data taken directly from the example: wd_sniffing.pb
-- saves packet information if 5 or more seconds have passed since the last connection attempt
-- log file saved to the folder/file: services/BlockedSites.txt

I added the logging algorithm because in the past I've used a program that monitored hidden outgoing connections that occurred without user interaction, and wondered if this simple example could catch such connections.
- the filter can be widened to include additional ports, etc., but for what I was trying to accomplish it worked

Code: Select all

filter.s = "outbound && ip && tcp.DstPort == 80 && tcp.PayloadLength > 0"

---------------------------------------------------------------

Updated the file: WinDivertBlockHTTP_EXE.pb (WinDivertBlockHTTP.exe).
- added a timeout function to test the service status, otherwise when the service was deleted the file WinDivertBlockHTTP.exe wouldn't know to quit until a website was loaded
-- function: WinDivertRecv holds execution until a packet is received