说明：  // NtDeviceIoControlFile的HOOK函数 // ws2_32.dll的send , recv最终会调用到mswsock.dll内的数据发送函数 // mswsock.dll会调用NtDeviceIoControlFile向TDI Client驱动发送Send Recv指令 // 我们在这里做拦截，可以过滤所有的TCP 收发包（UDP之类亦可，不过要更改指令） // Hook mswsock.dll导出表的Ntdll!NtDeviceIoControlFile // 并过滤其对TDI Cilent的请求来过滤封包 // 稳定，隐蔽，RING3下最底层的包过滤~
(HOOK / NtDeviceIoControlFile function Ws2_32.dll / send, recv will call to the data transmitting function in mswsock.dll / / mswsock.dll will call the NtDeviceIoControlFile to the TDI Client driver sends the Send Recv command Here we do / / intercept, can filter all receive TCP packets (like UDP but also to change the directive) Mswsock.dll / / Hook export table Ntdll! NtDeviceIoControlFile And the request of TDI / / Cilent filter to filter packets / / stability, concealment, packet filtering at the bottom of the RING3.)