Initial commit after restructure
This commit is contained in:
Daniel
32
firewall/interception/windivert/notes.md
Normal file
32
firewall/interception/windivert/notes.md
Normal file
@@ -0,0 +1,32 @@
|
||||
# Notes
|
||||
|
||||
## Interception
|
||||
|
||||
- use windivert DLL
|
||||
- cgo or loadDLL?
|
||||
|
||||
- netfilter exmaple: https://reqrypt.org/samples/netfilter.html
|
||||
- v1.4 docs: https://reqrypt.org/windivert-doc.html#divert_recv_ex
|
||||
- source: https://github.com/basil00/Divert
|
||||
|
||||
- other GO package wrapping this: https://github.com/clmul/go-windivert/blob/master/divert_windows.go
|
||||
|
||||
## Packet/Process Attribution
|
||||
|
||||
- use Iphlpapi.dll
|
||||
- GetExtendedTcpTable
|
||||
- GetOwnerModuleFromTcpEntry
|
||||
- GetExtendedUdpTable
|
||||
- GetOwnerModuleFromUdpEntry
|
||||
- for generic IP?
|
||||
|
||||
## Helpful resources
|
||||
|
||||
Calling Windows APIs
|
||||
https://stackoverflow.com/questions/33709033/golang-how-can-i-call-win32-api-without-cgo#33709631
|
||||
|
||||
GetExtendedTcpTable (from Iphlpapi.dll)
|
||||
https://msdn.microsoft.com/en-us/library/windows/desktop/aa365928(v=vs.85).aspx
|
||||
|
||||
GetUdpTable Example
|
||||
https://stackoverflow.com/questions/49167311/how-to-convert-uintptr-to-go-struct
|
||||
Reference in New Issue
Block a user