FwpUClnt.FWPM_FILTER0.filterId is broken #475

Signum21 · 2024-07-30T23:28:30Z

Describe the bug and how to reproduce

I'm enumerating the wfp filters.
The name, description and filterKey are correctly extracted but the filterId is 0 for all filters.

What code is involved

FwpUClnt.FwpmFilterEnum0(engineHandle, filterEnumHandle, 2500, out FwpUClnt.SafeFwpmMem filters, out uint filterslength);
FwpUClnt.FWPM_FILTER0[] filtersArray = filters.ToArray<FwpUClnt.FWPM_FILTER0>(filterslength, true);

foreach (FwpUClnt.FWPM_FILTER0 filter in filtersArray)
{
    Console.WriteLine(filter.displayData.name);
    Console.WriteLine(filter.displayData.description);
    Console.WriteLine(filter.filterId);
    Console.WriteLine(filter.filterKey + Environment.NewLine);
}

Expected behavior

The filterId should be different and not 0 (I confirmed this with another tool).

… a GetValue method to easier extract the value.

dahall · 2024-07-31T02:25:45Z

Thanks. I had a size bug in FWP_VALUE0 causing the problem. It is fixed and can be found in 4.0.3 (soon to be released) or on the AppVeyor repository as pre-release (see readme).

I would strongly encourage the use of the overload for FwpmFilterEnum0 that tucks the array inside a memory manager.

FwpmFilterEnum0(engineHandle, out SafeFwpmArray<FWPM_FILTER0> h);
foreach (FWPM_FILTER0 e in h)
   ...

dahall added a commit that referenced this issue Jul 31, 2024

Fixed structure bug in FwpUClnt.FWP_VALUE0 that caused #475 and added…

9c8c794

… a GetValue method to easier extract the value.

dahall closed this as completed Jul 31, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

FwpUClnt.FWPM_FILTER0.filterId is broken #475

FwpUClnt.FWPM_FILTER0.filterId is broken #475

Signum21 commented Jul 30, 2024

dahall commented Jul 31, 2024

FwpUClnt.FWPM_FILTER0.filterId is broken #475

FwpUClnt.FWPM_FILTER0.filterId is broken #475

Comments

Signum21 commented Jul 30, 2024

dahall commented Jul 31, 2024