A forum for reverse engineering, OS internals and malware analysis 

Forum for discussion about kernel-mode development.
 #30347  by Vrtule
 Mon May 15, 2017 7:09 am
Hello,

I do not understand what exactly is your question. The documents you linked describe metadata available at various WFP layers. The FWPS_METADATA_FIELD_PROCESS_PATH stores the application path.
 #30351  by Victor43
 Mon May 15, 2017 7:00 pm
Vrtule wrote:Hello,

I do not understand what exactly is your question. The documents you linked describe metadata available at various WFP layers. The FWPS_METADATA_FIELD_PROCESS_PATH stores the application path.
Yes, exactly, that was the confirmation I was looking for. One more question, please: where in the Inspect sample can I access this data (namely the application path)? Would it be in the callout's classifyFn callout function? If yes, any hints which function that might be? Perhaps the TLInspectALEConnectClassify function?

Thank you
Last edited by Victor43 on Mon May 15, 2017 7:23 pm, edited 1 time in total.
 #30352  by Vrtule
 Mon May 15, 2017 7:07 pm
Use KdPrintEx/DbgPrintEx to send debug prints to the debugger. If you are using WinDbg, then the following command will set up the kernel in a way that all debug prints will be sent to the debugger (you need to have correct symbols):
Code:
ed Kd_DEFAULT_Mask 0xffff
 #30353  by Victor43
 Mon May 15, 2017 8:32 pm
Vrtule wrote:Use KdPrintEx/DbgPrintEx to send debug prints to the debugger. If you are using WinDbg, then the following command will set up the kernel in a way that all debug prints will be sent to the debugger (you need to have correct symbols):
Code:
ed Kd_DEFAULT_Mask 0xffff
Thank you again. But I had one more question to ask. Where in the Inspect sample can I access this data (namely the application path)? Would it be in the callout's classifyFn callout function? If yes, any hints which function that might be? Perhaps the TLInspectALEConnectClassify function?
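Added example (not part of the thread, and not code from the TLInspect sample): the pattern a classifyFn uses to read the application path from the metadata it receives. In the real driver, callbacks such as TLInspectALEConnectClassify get an inMetaValues parameter of type FWPS_INCOMING_METADATA_VALUES0, and the path is in inMetaValues->processPath (a FWP_BYTE_BLOB holding a NUL-terminated UTF-16 device path, size in bytes) only when FWPS_IS_METADATA_FIELD_PRESENT(inMetaValues, FWPS_METADATA_FIELD_PROCESS_PATH) is true. Since the WDK headers are not available outside a kernel build, the example below models those two types and the presence macro with mock stand-ins (MOCK_* names and the bit value 0x8 are assumptions for illustration) so it can be compiled and run in user mode. The security-relevant point it demonstrates is checking the presence bit before dereferencing the pointer, and validating the blob (even byte count, NUL terminator, bounded copy) before trusting it, which is where a careless callout dereferences NULL or reads past the blob.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for FWP_BYTE_BLOB: size is a byte count that includes the
 * terminating UTF-16 NUL; data points at the UTF-16LE device path. */
typedef struct {
    uint32_t size;
    uint8_t *data;
} MOCK_FWP_BYTE_BLOB;

/* Assumed bit value for illustration only; a real driver uses
 * FWPS_METADATA_FIELD_PROCESS_PATH from fwpsk.h. */
#define MOCK_METADATA_FIELD_PROCESS_PATH 0x00000008u

/* Constructed stand-in for FWPS_INCOMING_METADATA_VALUES0 (only the fields used here). */
typedef struct {
    uint32_t currentMetadataValues;   /* bitmask of fields that are valid */
    MOCK_FWP_BYTE_BLOB *processPath;  /* meaningful only when the bit above is set */
} MOCK_FWPS_INCOMING_METADATA_VALUES;

/* Mirrors FWPS_IS_METADATA_FIELD_PRESENT: test the bit, never the pointer alone. */
#define MOCK_IS_METADATA_FIELD_PRESENT(m, f) ((((m)->currentMetadataValues) & (f)) != 0)

/* Copies the process path into a narrow buffer (ASCII range only, which covers the
 * \Device\HarddiskVolumeN\... paths WFP hands out). Returns the number of characters
 * copied, or -1 when the field is absent (e.g. a layer that does not supply it),
 * the blob is malformed, the path contains non-ASCII, or out is too small. */
int copy_process_path(const MOCK_FWPS_INCOMING_METADATA_VALUES *meta, char *out, size_t outLen)
{
    if (outLen == 0) return -1;
    if (!MOCK_IS_METADATA_FIELD_PRESENT(meta, MOCK_METADATA_FIELD_PROCESS_PATH) ||
        meta->processPath == NULL)
        return -1;

    const MOCK_FWP_BYTE_BLOB *blob = meta->processPath;
    if (blob->data == NULL || blob->size < 2 || (blob->size % 2) != 0)
        return -1;                       /* not a well-formed UTF-16 string */

    size_t units = blob->size / 2;       /* UTF-16 code units, terminator included */
    size_t n = 0;
    for (size_t i = 0; i < units; i++) {
        uint16_t cu = (uint16_t)blob->data[2 * i] | (uint16_t)((uint16_t)blob->data[2 * i + 1] << 8);
        if (cu == 0) {
            out[n] = '\0';
            return (int)n;
        }
        if (cu > 0x7F || n + 1 >= outLen)
            return -1;                   /* refuse rather than silently truncate */
        out[n++] = (char)cu;
    }
    return -1;                           /* no terminator inside blob->size bytes */
}

/* Builds a constructed UTF-16LE blob from an ASCII string; returns 1 on success,
 * 0 if buf cannot hold the string plus terminator. */
int make_utf16_blob(const char *ascii, uint8_t *buf, size_t bufLen, MOCK_FWP_BYTE_BLOB *blob)
{
    size_t len = strlen(ascii);
    size_t need = (len + 1) * 2;
    if (need > bufLen) return 0;
    for (size_t i = 0; i <= len; i++) {
        buf[2 * i] = (uint8_t)ascii[i];
        buf[2 * i + 1] = 0;
    }
    blob->size = (uint32_t)need;
    blob->data = buf;
    return 1;
}

int main(void)
{
    uint8_t raw[256];
    MOCK_FWP_BYTE_BLOB blob;
    char path[256];

    /* Constructed sample: what an ALE connect classify would see for a service host. */
    make_utf16_blob("\\Device\\HarddiskVolume1\\Windows\\System32\\svchost.exe",
                    raw, sizeof raw, &blob);
    MOCK_FWPS_INCOMING_METADATA_VALUES present = { MOCK_METADATA_FIELD_PROCESS_PATH, &blob };
    MOCK_FWPS_INCOMING_METADATA_VALUES absent  = { 0, NULL };

    if (copy_process_path(&present, path, sizeof path) >= 0)
        printf("process path: %s\n", path);
    if (copy_process_path(&absent, path, sizeof path) < 0)
        printf("process path not supplied at this layer\n");
    return 0;
}
```

The same shape carries over to the real callback: replace the mock types with the WDK ones, keep the presence check, and remember that at DISPATCH_LEVEL the copy has to go into a non-paged buffer if it is retained beyond the call.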