<div>Hai, all</div>
<div> </div>
<div>I modified the passthru driver (NDIS Intermediate Driver) from the example in WinDDK. I success to direct intercept and dump all the network traffic packets (hexadecimal format) into c:\xxxx.dat format. My question is:</div>
<div> </div>
<div>1. is it possible direct dump from NDIS intermediate driver into pcap format? for example, c:\xxx.pcap without sending all the traffic to ring3 for process</div>
<div>2. if yes, any code / docsi can refer?</div>
<div> </div>
<div>Thanks,</div>
<div> </div>
<div>from ictsecurity0 </div>