I'm writing a firewall using TDI Filter drivers for windows XP.
I've currently filter TDI_CONNECT requests correctly. Now I want to be able to control what application tries to listen on a port. The problem is no one sends TDI_LISTEN request irp to me, and applications successfully start listening. I'm logging all minor functions sent to me, and I'm sure TDI_LISTEN is never received by me.
I've read somewhere that no MS driver use TDI_LISTEN function. If this is so, how can I filter listen requests, and if not, what's wrong in my filter?