Debugging memory heap corruptions is quite tricky because the location of the crash gives us absolutly no clue on where the corrupting code is located.
We wrote an article about how to debug heap corruptions which covers a simple yet unknown and powerfull technique to debug and solve such corruptions.
Barak
Hooking Winsock is one way to allow the programmer to intercept Winsock2 calls, this way has advantages and disadvantages. Advantages:
Disadvantages:
Barak
What is LSP? LSP stand for Layered Service Provider and in a nutshell it’s a component that intercepts all Winsock API calls and allows the programmer to inspect the data and even modify it.
You can read about more LSP resources on Komodia’s web site.
Barak
I inquired about the price of lsp.com and I got a quote for 40k$, I would understand if the site was ranked 1st on Google search for LSP, but it isn’t even ranked. for 40k$ I can run so many SEO tactics to get to number one in many words and still have change.
Barak
SSL sniffing of XP, can be done in number of ways, it can be done with a SDK which is relevant for commercial applications or it can be done with a SSL Sniffer, you can even use Wireshark, but for that you must have the SSL key.
Barak
Network Redirector SDKÂ is Komodia’s flagship product, it does 95% of all possible network modification needed and it’s off the shelf product, which means that you can work with it from the minute you use it just like Net filter SDK.
In case you do need to extend its functionality you can write a DLL using our easy to use DLL extension framework.
Barak
TDI Driver is mostly used today for personal AV products. I know there are number of parental control, spam filters products that use it as well.
I’m not a fan of TDI, although it has its place in doing networking filtering, it’s time is up and in one and a half year it will be phased out, so I don’t see any reason to start a project using TDI.
You can read this nice article about the difference between LSP and TDI.
Barak
Windows Filtering Platform is a relativly new technology from Microsoft that was built to replace all existing technologies: Winsock LSP, TDI, NDIS.
First step would we TDI as Microsoft announced it will not be supported anymore on the next OS, but it seems that NDIS and LSP are supported.
I had a prospect ask me why I don’t WFP, well WFP the main reason not to use WFP for me is the lack of support for Windows XP (many of my clients also want to support Windows 2000), and until Windows XP will become obsolete, WFP will not gain momentum.
Barak
NDIS Filter is used to perform packet filtering, modification and inspection, unlike other technologies like LSP and TDI which operate on streams.
NDIS Filter is actually a NDIS IM driver which receives packets (to send or receive), can perform processing on them and then send them to the next layer or drop them, that’s why NDIS IM drivers are used for: Firewalls, corporate firewalls, custom network solutions and more.
When stream operations is requires, NDIS IM is sometimes a bad choice because it imposes additional work to convert packets to streams, which can be avoided if using TDI or LSP.
Barak
You can request a trial for our c++ filter network traffic which allows you to perform network modification and interception without delving into the deeps of network filtering technology.
Our clients are using this SDK to rapidly deploy their products such as: Parental control, Anonymizers, Content analyzers and more.
Barak