From Windows DDK documentation for me it was unclear that for successful implementation of filter hook driver it is needed first to load so called ip filter driver.
Filter hook driver is the simple kernel mode driver which allows to control IP traffic in Windows 2000 or later versions.
Ip filter driver is system suplied (ipfltdrv.sys) which is not loaded by default in Windows XP.
So, to be able to install filter hook driver first it is necessary to run ipfilter driver because the “filter hook” driver is using services of the “ip filter” driver.
By the way, device name for the ipfilter driver is IPFILTERDRIVER.
For example, if you use this code to obtain a pointer to ip filter driver device object:
RtlInitUnicodeString( &uniDeviceName, DD_IPFLTRDRVR_DEVICE_NAME ); ntStatus = IoGetDeviceObjectPointer( &uniDeviceName, STANDARD_RIGHTS_ALL, &pFileObject, &pDeviceObject );
and if you get a status code like
STATUS_NO_SUCH_FILE or STATUS_NO_SUCH_DEVICE
most probably you just don’t have ip filter driver loaded on your system.