WinDivert

WinDivert FAQ

Contents

Why does DivertOpen() fail with error code NNN?
Why does DivertSend() fail with error code NNN?
How do I test sign the WinDivert.sys driver?
How do I release sign the WinDivert.sys driver?
Does WinDivert support Windows XP?
Does WinDivert support Windows 8 and Visual Studio 2012?
Can WinDivert be used in proprietary (closed source) software?
Is WinDivert available under other licenses (e.g. commercial)?
Which versions of WinDivert are deprecated?
WinDivert is installed on my system. How do I permanently uninstall it?


Question: Why does DivertOpen() fail with error code NNN?
Answer:

The most common error codes (and the underlying causes) are as follows:

Name (Code): Description
ERROR_INVALID_PARAMETER (87): This indicates an invalid packet filter string, layer, priority, or flags.
ERROR_FILE_NOT_FOUND (2): Either the WinDivert32.sys or the WinDivert64.sys file was not found.
ERROR_ACCESS_DENIED (5): The calling application does not have Administrator privileges.
ERROR_INVALID_IMAGE_HASH (577): The WinDivert32.sys or WinDivert64.sys driver file does not have a valid digital signature.
ERROR_DRIVER_BLOCKED (1275): This error occurs for various reasons, including:
  1. attempting to load the 32-bit WinDivert.sys driver on a 64-bit system (or vice versa);
  2. the WinDivert.sys driver is blocked by security software; or
  3. you are using a virtualization environment that does not support drivers.
ERROR_OPEN_FAILED (110): Only older versions (< 1.0.3) of WinDivert return (110) errors. Please upgrade to the latest version.
ERROR_PROC_NOT_FOUND (127): This error may occur for Windows Vista users. The solution is to install the following patch from Microsoft: http://support.microsoft.com/kb/2761494.
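
The following pre-flight script checks the conditions behind several of the error codes above before an application calls DivertOpen(). It is an added example, not part of the WinDivert distribution; the $DriverDir parameter (the folder holding the driver files) is an assumption.

```powershell
# Added example: pre-flight checks for DivertOpen() failure causes listed in the FAQ.
# $DriverDir is an assumption: the folder that holds the WinDivert .sys files.
param([string]$DriverDir = '.')

$findings = @()

# ERROR_ACCESS_DENIED (5): the caller must have Administrator privileges.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    $findings += 'Not elevated: likely ERROR_ACCESS_DENIED (5).'
}

# ERROR_DRIVER_BLOCKED (1275), cause 1: the driver must match the OS bitness.
$driverName = if ([Environment]::Is64BitOperatingSystem) { 'WinDivert64.sys' } else { 'WinDivert32.sys' }
$driverPath = Join-Path $DriverDir $driverName

# ERROR_FILE_NOT_FOUND (2): the driver file must be present.
if (-not (Test-Path -LiteralPath $driverPath -PathType Leaf)) {
    $findings += "$driverPath is missing: likely ERROR_FILE_NOT_FOUND (2)."
} else {
    # ERROR_INVALID_IMAGE_HASH (577): the driver needs a valid digital signature.
    $sig = Get-AuthenticodeSignature -FilePath $driverPath
    if ($sig.Status -ne 'Valid') {
        $findings += "$driverName signature status is '$($sig.Status)': likely ERROR_INVALID_IMAGE_HASH (577)."
    } else {
        # Show who signed the driver so an unexpected publisher stands out.
        Write-Output "Signed by: $($sig.SignerCertificate.Subject)"
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No known DivertOpen() failure condition found.'
} else {
    $findings | ForEach-Object { Write-Warning $_ }
}
```

A Valid status here is a user-mode Authenticode check and does not by itself guarantee that the kernel will load the driver. ERROR_DRIVER_BLOCKED can still result from the other listed causes, such as security software or an unsupported virtualization environment.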


Question: Why does DivertSend() fail with error code NNN?
Answer:

The most common error codes (and the underlying causes) are as follows:

Name (Code): Description
ERROR_DATA_NOT_ACCEPTED (592): This error is returned when the user application attempts to inject a malformed packet. It may also be returned for valid inbound packets that the Windows TCP/IP stack rejects for some reason.
ERROR_RETRY (1237): The underlying cause of this error is unknown. However, this error usually occurs when certain kinds of anti-virus/firewall/security software are installed, and the error usually goes away once the offending program is uninstalled. This suggests a software compatibility problem.


Question: How do I test sign the WinDivert.sys driver?
Answer:

Note that, as of version 1.0.4, test signing is no longer required if you use the pre-built binaries.

For test signing you can use the following steps:

  1. Download and install Windows Driver Kit 7.1.0.
  2. Open a WDK Build Environment console as Administrator.
  3. Run the MakeCert.exe tool to create a test certificate, e.g. with:
        MakeCert -r -pe -ss TestCertStoreName -n "CN=TestCertName" CertFileName.cer
    
  4. Install the test certificate with CertMgr.exe, e.g. with:
        CertMgr /add CertFileName.cer /s /r localMachine root
    
  5. Sign WinDivert.sys with the test certificate, e.g. with:
        SignTool sign /v /s TestCertStoreName /n TestCertName WinDivert.sys
    
  6. Before you can load test-signed drivers, you must enable Windows test mode. To do this, run the command:
        Bcdedit.exe -set TESTSIGNING ON
    
    and restart Windows. For more information, see The TESTSIGNING Boot Configuration Option.

Question: How do I release sign the WinDivert.sys driver?
Answer:

If you wish to distribute WinDivert as part of a software package, then you need to release sign the WinDivert driver files. For this you will need to obtain a Software Publisher Certificate (SPC) from an approved commercial certificate authority. For release-signing a driver, see here for more information.

Note that as of 2012 it is possible for individuals to obtain SPCs for signing kernel mode software. Prior to 2012 only organizations or companies could obtain such certificates.


Question: Does WinDivert support Windows XP?
Answer:

WinDivert does not support Windows XP, Windows 2003, or earlier versions of Windows. This is because WinDivert is built on top of the Windows Filtering Platform (WFP), and the WFP requires Windows Vista or above. Please note that Microsoft will end all Windows XP support in August 2014.


Question: Does WinDivert support Windows 8 and Visual Studio 2012?
Answer:

WinDivert supports Visual Studio 2012 as of version 1.0.5. The driver itself must still be built with Windows Driver Kit version 7.1.0. Several people have reported that the WinDivert driver can be built with Visual Studio 2012 and Windows Driver Kit 8 using the automatic conversion tools. See Creating a Driver From Existing Source Files for more information.


Question: Can WinDivert be used in proprietary (closed source) software?
Answer:

Yes, strictly under the terms of the GNU Lesser Public License Version 3.0. Alternatively you may purchase a WinDivert commercial license.


Question: Is WinDivert available under other licenses (e.g. commercial)?
Answer:
In addition to the LGPL, WinDivert is available under the following commercial licenses:

Type: Description (Price)
Basic: No modification, but re-branding is allowed. (USD$500 p.a.)
Advanced: Modifications allowed. (USD$1000 p.a.)

Please contact for more information.


Question: Which versions of WinDivert are deprecated?
Answer:
All WinDivert versions except 1.1.8 and 1.2.0-rc are deprecated and should not be used. Please update to the latest version.


Question: WinDivert is installed on my system. How do I permanently uninstall it?
Answer:
There are two main ways to do this:
  • Find and uninstall whatever application is using WinDivert; or
  • To forcibly uninstall (at your own risk): find and delete the WinDivert32.sys and WinDivert64.sys files and reboot your computer. Note that this may cause whatever application was using WinDivert to no longer work correctly.

Copyright © 2017 basil