是否有任何体面的方式在WFP中获取ICMP数据包进程ID [英] Is there any decent way get ICMP packet process id in WFP

问题描述

在FWPM_LAYER_ALE_AUTH_CONNECT_V4中，ICMP数据包进程ID在inFixedValue中为4，有时PsGetCurrentProcess可以获取正确的进程ID，有时它也返回4.

In  FWPM_LAYER_ALE_AUTH_CONNECT_V4, the ICMP packet process id is 4 in inFixedValue, sometime the PsGetCurrentProcess can get correct process id, sometime it return 4 too.

在WFP层中是否有任何体面的方式获取ICMP数据包和进程ID?

Is there any decent way get ICMP packet  process id in WFP layer?

谢谢

推荐答案

4可能是系统进程ID，这对于TCPIP的本机ICMP端点很有意义.如果原始套接字正在执行ICMP处理，那么我想象将显示打开RAW套接字的进程的PID.

4 is probably the System process ID, which would make sense for TCPIP's native ICMP endpoint.  If a raw socket is doing the ICMP processing, then I imagine the PID for the process which opened the RAW socket would be indicated.

 

希望这会有所帮助，

 

这篇关于是否有任何体面的方式在WFP中获取ICMP数据包进程ID的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！