Windows Packet Divert (WinDivert) is a user-mode packet interception library for Windows 7, Windows 8 and Windows 10.
WinDivert enables user-mode capturing/modifying/dropping of network packets sent to/from the Windows network stack. In summary, WinDivert can:
WinDivert supports the following features:
For more information see doc/windivert.html
The basic architecture of WinDivert is as follows:
+-----------------+
| |
+------->| PROGRAM |--------+
| | (WinDivert.dll) | |
| +-----------------+ |
| | (3) re-injected
| (2a) matching packet | packet
| |
| || [user mode] | .................... | ................................... | ................... [kernel mode] | ||
|---|---|---|---|---|---|
+---------------+ +----------------->| (1) packet | (2b) non-matching packet ------------> | WinDivert.sys | --------------------------------------------> |
|---|
+---------------+The WinDivert.sys driver is installed below the Windows network stack. The following actions occur:
(1) A new packet enters the network stack and is intercepted by WinDivert.sys (2a) If the packet matches the PROGRAM-defined filter, it is diverted. The PROGRAM can then read the packet using a call to WinDivertRecv(). (2b) If the packet does not match the filter, the packet continues as normal. (3) PROGRAM either drops, modifies, or re-injects the packet. PROGRAM can re-inject the (modified) using a call to WinDivertSend().
WinDivert is dual-licensed under your choice of the GNU Lesser General Public License (LGPL) Version 3 or the GNU General Public License (GPL) Version 2. See the LICENSE file for more information.
WinDivert was written by basil.
For further information, or bug reports, please contact:
basil@reqrypt.orgThe homepage for WinDivert is:
https://reqrypt.org/windivert.htmlThe source code for WinDivert is hosted by GitHub at:
https://github.com/basil00/Divert