[帮助]改变检查样本 [英] [HELP] to change inspect sample

问题描述

HI专家，

是否有可能以捕获和记录所有数据包（入站和出站）的方式从DDK更改检查样本，只需使用dbgprint打印出来？

Is it possible to change inspect sample from DDK in the way it captures and logs all packets (inbound and outbound) just printing out with dbgprint?

我是驱动程序编程的新手，想写这样的程序。

I am new in driver programing and want to write such a program .

任何帮助都将不胜感激。

any help would be appreciated.

推荐答案

使用DbgPrint执行此操作是一个非常糟糕的主意。您应该打印到自己的文件或使用ETW / WPP跟踪。您可以查看WFPSampler（ http：// code。 msdn.microsoft.com/windowshardware/Windows-Filtering-Platform-27553baa/sourcecode?fileId=51338&pathId=430772664)
了解如何完成此操作。 在WFPSampler中，您将看到DbgPrint，但是在编译时，它们将转换为WPP跟踪语句。

Doing this using DbgPrint is a very bad idea. You should either print to your own file or using ETW / WPP tracing. You can look at the WFPSampler (http://code.msdn.microsoft.com/windowshardware/Windows-Filtering-Platform-27553baa/sourcecode?fileId=51338&pathId=430772664) To see how this is done.  In the WFPSampler, you will see DbgPrint, however when compiled, they are converted to WPP trace statements.

希望这有帮助，

这篇关于[帮助]改变检查样本的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！