WinDivert

WinDivert FAQ

Contents

Why does WinDivertOpen() fail with error code NNN?
Why does WinDivertSend() fail with error code NNN?
How do I test sign the WinDivert.sys driver?
How do I release sign the WinDivert.sys driver?
Does WinDivert support Windows XP?
Does WinDivert support Visual Studio?
Can WinDivert be used in proprietary (closed source) software?
Is WinDivert available under other licenses (e.g. commercial)?
Which versions of WinDivert are deprecated?
WinDivert is installed on my system. How do I permanently uninstall it?


Question: Why does WinDivertOpen() fail with error code NNN?
Answer:

The most common error codes (and the underlying causes) are as follows:

| Name | Code | Description |
| --- | --- | --- |
| ERROR_INVALID_PARAMETER | 87 | This indicates an invalid packet filter string, layer, priority, or flags. |
| ERROR_FILE_NOT_FOUND | 2 | The WinDivert32.sys or WinDivert64.sys file was not found. |
| ERROR_ACCESS_DENIED | 5 | The calling application does not have Administrator privileges. |
| ERROR_INVALID_IMAGE_HASH | 577 | The WinDivert32.sys or WinDivert64.sys driver file does not have a valid digital signature. |
| ERROR_DRIVER_BLOCKED | 1275 | This error occurs for various reasons, including: (1) attempting to load the 32-bit WinDivert.sys driver on a 64-bit system (or vice versa); (2) the WinDivert.sys driver is blocked by security software; or (3) you are using a virtualization environment that does not support drivers. |
| ERROR_OPEN_FAILED | 110 | Only older versions (< 1.0.3) of WinDivert return (110) errors. Please upgrade to the latest version. |
| ERROR_PROC_NOT_FOUND | 127 | This error may occur for Windows Vista users. The solution is to install the following patch from Microsoft: http://support.microsoft.com/kb/2761494. |


Question: Why does WinDivertSend() fail with error code NNN?
Answer:

The most common error codes (and the underlying causes) are as follows:

| Name | Code | Description |
| --- | --- | --- |
| ERROR_DATA_NOT_ACCEPTED | 592 | This error is returned when the user application attempts to inject a malformed packet. It may also be returned for valid inbound packets when the Windows TCP/IP stack rejects the packet for some reason. |
| ERROR_RETRY | 1237 | The underlying cause of this error is unknown. However, this error usually occurs when certain kinds of anti-virus/firewall/security software are installed, and the error usually resolves once the offending program is uninstalled. This suggests a software compatibility problem. |


Question: How do I test sign the WinDivert.sys driver?
Answer:

Note that, as of version 1.0.4, test signing is no longer required if you use the pre-built binaries.

For test signing you can use the following steps:

  1. Download and install Windows Driver Kit 7.1.0.
  2. Open a WDK Build Environment console as Administrator.
  3. Run the MakeCert.exe tool to create a test certificate, e.g. with:
        MakeCert -r -pe -ss TestCertStoreName -n "CN=TestCertName" CertFileName.cer
    
  4. Install the test certificate with CertMgr.exe, e.g. with:
        CertMgr /add CertFileName.cer /s /r localMachine root
    
  5. Sign WinDivert.sys with the test certificate, e.g. with:
        SignTool sign /v /s TestCertStoreName /n TestCertName WinDivert.sys
    
  6. Before you can load test-signed drivers, you must enable Windows test mode. To do this, run the command:
        Bcdedit.exe -set TESTSIGNING ON
    
    and restart Windows. For more information, see The TESTSIGNING Boot Configuration Option.

Question: How do I release sign the WinDivert.sys driver?
Answer:

If you wish to distribute WinDivert as part of a software package, then you need to release sign the WinDivert driver files. For this you will need to obtain a Software Publisher Certificate (SPC) from an approved commercial certificate authority. For release-signing a driver, see here for more information.


Question: Does WinDivert support Windows XP?
Answer:

WinDivert does not support Windows XP, Windows 2003, or earlier versions of Windows. This is because WinDivert is built on top of the Windows Filtering Platform (WFP), and the WFP requires Windows Vista or above. Please note that Microsoft ended Windows XP support in August 2014.


Question: Does WinDivert support Visual Studio?
Answer:

For building WinDivert from source code: the WinDivert driver must be built using WDK 7.1.0, and the WinDivert runtime library must be cross-compiled on Linux using MinGW. Other compilers/systems such as Visual Studio may work but are not officially supported.

For using the pre-built WinDivert in another project: the pre-built WinDivert.dll file (version 1.4.3 and above) has no msvcrt* dependencies and should be compatible with any compiler, including Visual Studio. Simply extract the WinDivert*.sys, WinDivert.dll and WinDivert.lib binary files from the official WinDivert binary release and import them into your project.


Question: Can WinDivert be used in proprietary (closed source) software?
Answer:

Yes, strictly under the terms of the GNU Lesser Public License Version 3.0. Alternatively you may purchase a WinDivert commercial license.


Question: Is WinDivert available under other licenses (e.g. commercial)?
Answer:
In addition to the LGPL, WinDivert is available under the following commercial licenses:

| Type | Description | Price |
| --- | --- | --- |
| Basic | No modification, but re-branding is allowed. | USD$500 p.a. |
| Advanced | Modifications allowed. | USD$1000 p.a. |

Please contact for more information.


Question: Which versions of WinDivert are deprecated?
Answer:
All WinDivert versions except 1.4.2, 1.4.3 and 2.1.X (and above) are deprecated and should not be used. Please update to the latest version.


Question: WinDivert is installed on my system. How do I permanently uninstall it?
Answer:
WinDivert is never permanently installed on your system. Rather, it is only temporarily loaded on demand by whatever application is using it. To remove WinDivert, remove/uninstall all WinDivert client application(s) and reboot. There are two main ways to do this:

  • Find and uninstall whatever application is using WinDivert. On Windows 10, you can find WinDivert applications using the following method:
    1. Press Ctrl-Alt-Delete and select Task Manager.
    2. Select Performance and Open Resource Monitor.
    3. Select the CPU tab and search for WinDivert in Associated Handles.
    4. This should display all programs currently using WinDivert.
    These programs can be terminated and/or uninstalled. The driver itself will be automatically removed from system memory after rebooting your computer.
  • To forcibly uninstall (at your own risk): find and delete the WinDivert32.sys and WinDivert64.sys files and reboot your computer. Note that this may cause whatever application was using WinDivert to no longer work correctly.

Please do not follow any third-party guides for removing WinDivert, especially those recommending so-called WinDivert removal tools. A common tactic by unscrupulous anti-virus vendors is to mischaracterize WinDivert as malicious with the aim of tricking the user into downloading a so-called removal tool. Often this removal tool is itself malicious or at least scareware (scareware is software that attempts to trick users into paid subscriptions). WinDivert is not and has never been malicious, and is designed to be easily removable without the need for additional third-party software.

However, if an automatic tool is preferred, a first-party removal tool is available in the form of WinDivertTool, which can be downloaded from here. Unlike third-party tools, WinDivertTool was developed by the main developer of WinDivert, and is free and open source. See the above links for a description.
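
As an added example (not part of WinDivert or its documentation), the following read-only PowerShell inventory scripts the Resource Monitor search described above: it lists the driver services and running processes that reference WinDivert and checks the driver file's digital signature, the condition behind error 577. It assumes that the driver service name and file names begin with WinDivert and that client programs load WinDivert.dll.

```powershell
# Added example, not WinDivert project code. Read-only: nothing is stopped or deleted.
# Run from an elevated PowerShell so that other users' processes can be inspected.
# Assumption: service and file names begin with "WinDivert".

# 1. Kernel driver services whose name or image path mentions WinDivert.
$drivers = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.Name -like 'WinDivert*' -or $_.PathName -like '*WinDivert*.sys' }

$driverReport = foreach ($d in $drivers) {
    # Driver image paths are often stored as \??\C:\...; strip the NT prefix.
    $path = $d.PathName -replace '^\\\?\?\\', ''
    $sig  = if ($path -and (Test-Path -LiteralPath $path)) {
        Get-AuthenticodeSignature -LiteralPath $path
    }
    [pscustomobject]@{
        Service   = $d.Name
        State     = $d.State        # Running or Stopped
        StartMode = $d.StartMode
        Path      = $path
        # Anything other than 'Valid' matches the cause given for error 577.
        Signature = if ($sig) { $sig.Status } else { 'file not found' }
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject }
    }
}

# 2. Running processes that have WinDivert.dll loaded (the client applications).
$clients = Get-Process | Where-Object {
    # Protected processes refuse module enumeration; treat them as "no match".
    try { $_.Modules.ModuleName -contains 'WinDivert.dll' } catch { $false }
} | Select-Object Id, ProcessName, Path

'--- WinDivert driver services ---'
$driverReport | Format-List
'--- Processes with WinDivert.dll loaded ---'
$clients | Format-Table -AutoSize
```

The Path column of the second table points at the application to uninstall; an empty first table after a reboot means the driver is no longer registered.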

Copyright © 2019 basil