I've seen examples and sample code of WinDivert being used to modify properties of packets like their destination addresses, for example.
But I've tried searching really hard and can't find any documentation or samples of modifying the actual payload of the packets before reinjecting them.
Here is the code I have so far:
HANDLE handle; // WinDivert handle
WINDIVERT_ADDRESS addr; // Packet address
char packet[MAXBUF]; // Packet buffer
UINT packetLen;
handle = WinDivertOpen("...", 0, 0, 0); // Open some filter
if (handle == INVALID_HANDLE_VALUE)
{
// Handle error
exit(1);
}
// Main capture-modify-inject loop:
while (TRUE)
{
if (!WinDivertRecv(handle, packet, sizeof(packet), &addr, &packetLen))
{
// Handle recv error
continue;
}
// Modify packet.
if (!WinDivertSend(handle, packet, packetLen, &addr, NULL))
{
// Handle send error
continue;
}
}
At the //Modify packet. Step I need to perform the payload modification. Specifically I am looking to either replace or completely overwrite the data with a new string.
In the WinDivert documentation the only thing I could find that dealt with packet data was this method to parse packets:
BOOL WinDivertHelperParsePacket(
__in PVOID pPacket,
__in UINT packetLen,
__out_opt PWINDIVERT_IPHDR *ppIpHdr,
__out_opt PWINDIVERT_IPV6HDR *ppIpv6Hdr,
__out_opt PWINDIVERT_ICMPHDR *ppIcmpHdr,
__out_opt PWINDIVERT_ICMPV6HDR *ppIcmpv6Hdr,
__out_opt PWINDIVERT_TCPHDR *ppTcpHdr,
__out_opt PWINDIVERT_UDPHDR *ppUdpHdr,
__out_opt PVOID *ppData,
__out_opt UINT *pDataLen
);
ppData: Output pointer to the packet's data/payload.
However I am not sure if this would let me modify the data (maybe it does?) because it seems like it will only let me retrieve the packet data for output.
So how would I go about editing the payload?
https://github.com/basil00/Divert/issues/16 Video and source user windivert.