A forum for reverse engineering, OS internals and malware analysis 


Thanks for your reply Vrtule, I appreciate your help. I think it is possible (I have not checked it on new Windows) to intercept IOCTL_TCP_QUERY_INFORMATION_EX, but it would be necessary to use VT-x/EPT to avoid PatchGuard. Another solution could be to write an entire TCP stack using NDIS.... I would really apprec...


I'm using WFP to monitor network activity, but reading the documentation I think it is not possible to hide a connection using it. I've been reviewing the capabilities of several rootkits, and Turla, for example, uses WFP and an NDIS driver....

Does anyone know if hiding a connection using WFP is possible?