WinDivert

WinDivert 1.0: Windows Packet Divert

Windows Packet Divert (WinDivert) is a user-mode packet capture-and-divert package for Windows Vista, Windows 2008, and Windows 7.

WinDivert allows developers to write user-mode applications that can capture/modify/drop network packets sent to/from the Windows network stack. In summary, WinDivert can:

• capture network packets
• filter/drop network packets
• sniff network packets
• (re)inject network packets
• modify network packets

WinDivert can be used to implement user-mode packet filters, packet sniffers, firewalls, NAT, VPNs, tunneling applications, etc., etc.. If you need to intercept and modify packets, then WinDivert is for you.

The main features of WinDivert include:

• packet interception, sniffing, or dropping modes
• supports loopback (localhost) traffic
• full IPv6 support
• network layer
• simple and powerful API
• high-level filtering language
• filter priorities
• freely available under the terms of the GNU Lesser General Public License (LGPL)

Documentation and Samples

• WinDivert Documentation: The official WinDivert manual.
• WinDivert README.
• WinDivert FAQ.
• WinDivert sample applications including:
  • netdump.c: A simple packet capture and dump application.
  • netfilter.c: A simple firewall application.
  • passthru.c: A skeleton WinDivert application with multi-threading.
  • webfilter.c: A simple URL blacklist filter.

Source Repository

The source code for WinDivert is hosted on GitHub. It can be accessed via the following link:

• https://github.com/basil00/Divert

Download

The following source packages for WinDivert are available:

• WinDivert-1.0.3-Source.zip (Source zipfile)

The following binary packages for WinDivert are available. Choose the package that matches your compiler:

• WinDivert-1.0.3-MSVC.zip (Visual Studio 2010 zipfile)
• WinDivert-1.0.3-WDDK.zip (Windows Driver Kit zipfile)
• WinDivert-1.0.3-MINGW.zip (MinGW zipfile)

IMPORTANT: Before you to use WinDivert, make sure that:

1. You use the 32-bit WinDivert.sys for 32-bit Windows, and the 64-bit WinDivert.sys for 64-bit windows.
2. You sign (or test sign) WinDivert.sys. See the WinDivert documentation for more information. Note that, as of 2012, individuals can purchase driver signing certificates.
3. You are running with Administrator privileges.

Failure to complete these steps will stop WinDivert from loading.

Projects

The following projects use WinDivert:

• ReQrypt: A HTTP request tunneling tool.
• BarbaTunnel: Tunnel VPN traffic through HTTP.
• PyDivert: Python binding.

Email basil if you want a link to your project.

Contact

Send feedback and/or questions to: