Creating a Filter-Hook Driver
A filter-hook driver is a kernel-mode driver that implements a callback function called a filter hook and registers that callback function with the system-supplied IP filter driver. The IP filter driver then uses the filter hook to determine how to process incoming and outgoing packets. For more information about developing a kernel-mode driver, see Kernel-Mode Driver Components.
To supplement the Packet Filtering application programming interface (API), a filter-hook driver can be created to filter network packets. User-mode applications use this API to create and manage, in the system-supplied IP filter driver, input and output filters that filter packets with specific IP addresses or TCP/UDP port numbers. Because the Packet Filtering API optimizes the system-supplied IP filter driver to process packets without the overhead that is associated with a filter-hook driver, you should consider using this API if possible. For more information about the Packet Filtering API, see the Microsoft Windows SDK documentation.
Note Starting with Windows Vista, do not implement filter-hook or firewall-hook drivers. Use Windows Filtering Platform Callout Drivers instead.
The following topics describe how to create a filter-hook driver:
Initializing and Unloading the Filter-Hook Driver
Registering and Clearing a Filter Hook
Implementing Filter Hook IOCTLs
Implementing Filter-Hook Drivers