I need to create a program that monitors incoming packets to a certain process. Each incoming packet needs to be searched for a string of hex (e.g. "FF 00 00 03") and modified to be null (e.g. 00 00 00 00). Or, if it's easier, to just completely block the packet from coming through.

I currently have a console app that monitors packets from the whole machine, in and out. But I can't figure out how to read the whole packet; it's just reading the header info. Any ideas? I'm using WinPcap to do this at the moment. I don't know if WinPcap can modify packets or search them, though; I've only seen it used to filter packets by IP or protocol, not by the actual content itself. Does anyone know how to do this? If you need my source code, please tell me and I'll post it.

Last Post by makman99

I used Microsoft Detours to hook the send/recv functions of a process and run all data through my application before sending through the target process.
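
The content filter the question asks for, as an added example that is not code from this thread or from Detours/WinPcap: a scrubber that nulls a byte pattern in received data and still catches a match split across two receive calls, which a per-buffer search misses on a TCP stream. The names `scrub_t`, `scrub_init`, `scrub_feed`, `scrub_flush` and `PAT_MAX` are hypothetical, and the hooking itself is not shown.

```c
#include <string.h>

#define PAT_MAX 16                 /* longest pattern supported (assumption) */

typedef struct {
    unsigned char pat[PAT_MAX], held[PAT_MAX];
    size_t patlen, nheld;          /* nheld: bytes held back from the last chunk */
} scrub_t;

/* Returns 0 on success, -1 if the pattern is empty or too long. */
int scrub_init(scrub_t *s, const unsigned char *pat, size_t patlen) {
    if (patlen == 0 || patlen > PAT_MAX) return -1;
    memset(s, 0, sizeof *s);
    memcpy(s->pat, pat, patlen);
    s->patlen = patlen;
    return 0;
}

/* Scrub one received chunk. out needs room for inlen + PAT_MAX bytes.
   Returns how many scrubbed bytes at the start of out may be passed on now. */
size_t scrub_feed(scrub_t *s, const unsigned char *in, size_t inlen, unsigned char *out) {
    size_t total = s->nheld + inlen, i = 0, last_end = 0, start;
    memcpy(out, s->held, s->nheld);          /* bytes held from the previous chunk */
    memcpy(out + s->nheld, in, inlen);
    while (i + s->patlen <= total) {
        if (memcmp(out + i, s->pat, s->patlen) == 0) {
            memset(out + i, 0, s->patlen);   /* null the match in place */
            i += s->patlen;
            last_end = i;
        } else {
            i++;
        }
    }
    /* Hold back the last patlen-1 bytes: they may begin a match that the
       next chunk completes. Never re-hold bytes that were already zeroed. */
    start = total >= s->patlen ? total - (s->patlen - 1) : 0;
    if (start < last_end) start = last_end;
    s->nheld = total - start;
    memcpy(s->held, out + start, s->nheld);
    return start;
}

/* At connection close, release whatever is still held. */
size_t scrub_flush(scrub_t *s, unsigned char *out) {
    size_t n = s->nheld;
    memcpy(out, s->held, n);
    s->nheld = 0;
    return n;
}
```

Because up to `patlen - 1` bytes are delayed until the next chunk or the flush, a caller that wraps a receive function has to report the returned count rather than the original length.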
