any helps will be thanks!
I have searched a lot of question,but still can't find a real answer,my goal is to get the original connect address.Some body suggest to walk previousVersion in FWPS_CONNECT_REQUEST0 structure,but not point how to walk and how to make it work,also how to access it in user mode or proxy service.I have known how to query the original connect address in windows 8,but I have no idea about windows 7.I have made the code like this:
#if(NTDDI_VERSION >= NTDDI_WIN8)
//SOCKADDR_STORAGE* pSockAddrStorage = 0;
if((*ppRedirectData)->redirectHandle)
pConnectRequest->localRedirectHandle = (*ppRedirectData)->redirectHandle;
HLPR_NEW_ARRAY(pSockAddrStorage,
SOCKADDR_STORAGE,
2,
TUNNEL_CALLOUT_DRIVER_TAG);
HLPR_BAIL_ON_ALLOC_FAILURE(pSockAddrStorage,
status);
/// Pass original remote destination values to query them in user mode
RtlCopyMemory(&(pSockAddrStorage[0]),
&(pConnectRequest->remoteAddressAndPort),
sizeof(SOCKADDR_STORAGE));
RtlCopyMemory(&(pSockAddrStorage[1]),
&(pConnectRequest->localAddressAndPort),
sizeof(SOCKADDR_STORAGE));
/// WFP will take ownership of this memory and free it when the flow / redirection terminates
pConnectRequest->localRedirectContext = pSockAddrStorage;
pConnectRequest->localRedirectContextSize = sizeof(SOCKADDR_STORAGE) * 2;
#endif
But I don't know how to coding on windows 7,because everybody knows on windows 7,the code of pConnectRequest->localRedirectContext is unaccessable.Is any body have any idea?thanks very much!
Also,I want to show my idea,on windows 7,I solve this question like this:store the original address by myself in drivers,after the proxy accept a connect from drivers redirect,I get the tcp source port,and I use the tcp source port to query in drivers by using DeviceControl function,but if the system have kaspersky software working,the tcp source port will be changed by kaspersky,so I can't get the right tcp source port,and ofcourse the proxy can't work correct.
