Windows Packet Filter Kit  
WinpkFilter 3.0

WinpkFilter is a high performance packet filtering framework for Windows 9x/ME/NT/2000/XP/2003/Vista/2008/Windows 7/2008R2 that allows developers to transparently filter (view and modify) raw network packets with minimal impact on network activity without having to write low level TDI or NDIS driver code.

WinpkFilter is more than just a firewall development kit for Windows. With WinpkFilter you can build an application that inserts itself into the Windows network stream: a custom firewall solution, internet connection sharing (NAT), an IP shaper, a VPN and many other low-level network solutions, completely in user mode and using your favorite development environment: Visual C++, Delphi, Visual Basic, C++ Builder, etc.

Using WinpkFilter requires no experience in kernel-mode programming on your part, since WinpkFilter provides you with a powerful user-level API. However, if you need to implement your solution in kernel mode (to achieve better performance), you can use the well-documented raw IOCTL interface as well.

System requirements:

Windows 95, 98, ME, NT 4.0, 2000, XP x86/x64, Server 2003 x86/x64, Vista x86/x64*, Server 2008 x86/x64*, Windows 7 x86/x64*, Server 2008 R2 x86/x64*

Supported connection types:

WinpkFilter supports Dial-Up connections (Analog modem, ISDN modem), Ethernet (LAN and WLAN) connections, Cable/DSL modem using DHCP or "PPP over Ethernet" (EnterNet, RasPPPoE, WinPoET).

Product features:

  • The easiest way to develop and debug packet filtering/modifying communication applications such as firewalls, sniffers, internet connection sharing, VPN, etc.
  • SMP safe.
  • Full portability to all Windows platforms due to the common API.
  • Operates on RAS/PPP adapters
  • Complete source code for sample applications (projects for MS Visual C++, MS Visual Basic, Borland Delphi and C++ Builder) and wrapper API DLL is available. Source code for helper drivers supplied when you purchase Source Code License ONLY.
  • Passive network listening and active filtering (with possible packet modification) modes
  • Interface for sending RAW Ethernet packets to network interface (originated by MSTCP) or to MSTCP
  • Supports MTU decrement (allows you to set system-wide MTU decrement). This option is required if you plan to add additional headers to IP packets (implement IP in IP packet tunneling, IPSEC based VPN and so on).
  • Helper routines in ndisapi.dll for converting internal (NDIS level) network interface names to the user friendly ones (the names you see in Network connections properties)
  • Helper drivers are based on NDIS-hooking technology. You can read more about this technology here. The Windows x64 driver is based on an NDIS intermediate driver.

Applicability \ Usage scope:

  • User-mode firewall solutions. That’s right! WinpkFilter allows implementing a firewall completely in user mode. This is not recommended for high-speed connections (over 100 Mbit), since filtering network packets in user mode decreases network performance by up to 30-40%, but it is quite useful for dial-up, DSL or even 100 Mbit Ethernet connections.
  • Kernel-mode firewall solutions. You can use RAW IOCTLs for calling helper driver from your kernel mode driver. This requires kernel-mode programming skills while eliminating performance degradation caused by redirecting packets from kernel mode to user mode and back.
  • Internet Connection Sharing (Network Address Translation) that can be implemented both in user and kernel modes.
  • VPN solutions (IPSEC, for example) that can also be implemented both in user and kernel modes.
  • Packet tunneling. Example: packets captured from the network (or from MSTCP) are delivered to user mode and tunneled to the remote system inside an SSL stream. The remote system can indicate them to MSTCP (or send them over the network) after extracting the packets from the SSL stream. Classic approaches like ‘IP in IP’ can also be implemented.
  • Packet sniffer. You can inspect all packets sent to (received from) MSTCP.
  • IP shaping solutions (when you need to limit bandwidth for Internet users).
  • Network traffic count solutions.
  • Wireless Firewall Gateways.

WinpkFilter run-time libraries:

You can download WinpkFilter run-time libraries (free for private or educational use) in order to test and evaluate the reliability and performance of our software. We provide three simple console applications with complete source code to demonstrate how WinpkFilter can be used for rapid development of network packets filtering/modifying modules. For more details see the online version of WinpkFilter documentation.

WinpkFilter 3.0.7 run-time libraries (from this site)

WinpkFilter run-time includes samples for various 32 bit development environments (Microsoft Visual C++, Borland C++ Builder, Borland Delphi, Microsoft Visual Basic). Due to lack of native 64 bit development environments x64 samples are limited to Visual Studio 2008 ones.

Please note that installed third-party firewall software may limit the samples' functionality.

WinpkFilter Advanced Samples:

Since some WinpkFilter customers are interested in more functional samples than the basic ones, we have started development of the Advanced WinpkFilter Samples series. All of these sample binaries are released as freeware. Currently available samples are:

  • Internet Gateway - implements simple single-threaded TCP and UDP dynamic NAT, which allows you to share a single Internet connection over your home network, providing the major Internet services (e-mail, WWW, etc.). The source code for the Internet Gateway can be found inside the WinpkFilter run-time package.
  • Ethernet Bridge - implements MAC-level bridging of TCP/IP-bound network interfaces. It can be used, for example, with OpenVPN in its bridging mode, especially with the server end running on a Windows 2000 machine (which lacks the native bridging available since Windows XP), or just for bridging wireless and wired Ethernet when the IP address space can't be divided into subnets. Only WinpkFilter Source Code licensees are eligible for the source code for this application because it includes the source code for the WinpkFilter kernel-mode component.

How to install:

Unzip and run winpkflt_rtl.exe.

Price & licensing:

We offer three types of licenses. Use the table below to choose the license type that suits your needs.

| License type | WinpkFilter Helper Drivers Redistribution | WinpkFilter Helper Drivers Source Code | Custom build on request** | One year of free upgrade and support | Price (USD) |
|---|---|---|---|---|---|
| Individual | NO | NO | NO | YES | 95.00$ |
| Developer | YES | NO | YES | YES | 1495.00$ |
| Source Code | YES | YES | - | YES | 3495.00$ |
| Individual to Source Upgrade | - | - | - | - | 3400.00$ |
| Developer to Source Upgrade | - | - | - | - | 2000.00$ |
| Individual to Developer Upgrade | - | - | - | - | 1400.00$ |

Please be very careful when choosing the license type:

  • Individual license can be used for educational purposes, creating dedicated network filtering solutions, etc. You are not permitted to redistribute WinpkFilter modules (DLLs, drivers) as a part of your software. Additionally, we should note that there is no sense in doing this: if you create your product using the standard drivers build, your software may conflict with any other applications based on these drivers.
  • Developer license can be used for creating royalty-free WinpkFilter-based software. NT Kernel Resources strongly recommends that you request a custom software build from us.
  • Source Code license is similar to Developer license but it also includes complete source code of WinpkFilter.

Subscription Renewal:

If you are already a WinpkFilter customer but your support plan is out of date, you can renew it using the links below (please note that NT Kernel Resources may request your previous order ID and date for confirmation):

| License type | WinpkFilter Helper Drivers Redistribution | WinpkFilter Helper Drivers Source Code | Custom build on request** | One year of free upgrade and support | Price (USD) |
|---|---|---|---|---|---|
| Individual Subscription Renew | NO | NO | NO | YES | 75.00$ |
| Developer Subscription Renew | YES | NO | YES | YES | 1195.00$ |
| Source Code Subscription Renew | YES | YES | - | YES | 2795.00$ |

* - For Windows Vista and later versions of the Windows family of operating systems, kernel-mode software must have a digital signature to load on x64-based computer systems. WinpkFilter drivers are not signed, so in order to test them on Vista x64 you should press F8 during system boot and choose the Disable Driver Signature Enforcement option. For commercial software you would have to obtain a code signing certificate from VeriSign.

** - You may need a custom build of WinpkFilter if you are going to redistribute the helper drivers as a part of your software. A custom build avoids any possible conflicts with other WinpkFilter-based applications. If you have purchased a Developer license, you can request a custom build by sending e-mail to support@ntkernel.com.

  

Copyright © NT Kernel Resources, 2000-2009. Design & Programming by Multi Service