关于WIN7防火墙的疑问
在 Windows 7 下,firewall-filter 中可以找到 IP 驱动的设备对象指针,并且构造 IRP 挂接过滤函数也成功了。
但是有网络包发送时,却进不到过滤函数中。请问哪位大侠遇到过这个问题,有解决思路吗?谢谢!
沙发#
发布于:2012-04-17 10:35
把代码贴出来看一下
板凳#
发布于:2012-04-23 21:47
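/*
 * Registers or unregisters a firewall-hook callback with the IP driver.
 *
 * filterFunction  callback to install or remove.
 * load            TRUE to add the callback, FALSE to remove it
 *                 (copied into IP_SET_FIREWALL_HOOK_INFO.Add).
 *
 * Returns the status of the IOCTL_IP_SET_FIREWALL_HOOK request,
 * STATUS_INSUFFICIENT_RESOURCES if the IRP could not be built, or the
 * failure status of IoGetDeviceObjectPointer.
 *
 * NOTE(review): IOCTL_IP_SET_FIREWALL_HOOK is the legacy firewall-hook
 * interface. Microsoft documents firewall-hook and filter-hook drivers as
 * unsupported from Windows Vista onward, where Windows Filtering Platform
 * (WFP) callouts replace them. A successful return here therefore does not
 * by itself show that the callback sits on the packet path -- confirm on
 * the target OS.
 *
 * NOTE(review): the IP driver keeps the raw function pointer. The caller
 * presumably has to call this again with load == FALSE before the driver
 * image unloads, otherwise the stack would call into freed code -- verify
 * against the unload routine.
 */
NTSTATUS SetFilterFunction(IPPacketFirewallPtr filterFunction, BOOLEAN load)
{
    NTSTATUS status;
    NTSTATUS waitStatus;
    UNICODE_STRING filterName;
    PDEVICE_OBJECT ipDeviceObject = NULL;
    PFILE_OBJECT ipFileObject = NULL;
    IP_SET_FIREWALL_HOOK_INFO filterData;
    KEVENT event;
    IO_STATUS_BLOCK ioStatus;
    PIRP irp;

    /* Get pointer to the IP device. */
    RtlInitUnicodeString(&filterName, DD_IP_DEVICE_NAME);
    status = IoGetDeviceObjectPointer(&filterName, STANDARD_RIGHTS_ALL,
                                      &ipFileObject, &ipDeviceObject);
    if (!NT_SUCCESS(status)) {
        dprintf("FwHookDrv.sys: Error getting pointer to Ip driver.\n");
        return status;
    }

    /*
     * Zero the request first so that no uninitialised stack bytes
     * (structure padding) are handed to another driver.
     */
    RtlZeroMemory(&filterData, sizeof(filterData));
    filterData.FirewallPtr = filterFunction;
    filterData.Priority = 1;
    filterData.Add = load;

    /* Give the status block a defined value before anything may read it. */
    ioStatus.Status = STATUS_SUCCESS;
    ioStatus.Information = 0;

    KeInitializeEvent(&event, NotificationEvent, FALSE);

    /* Build the IRP that establishes (or removes) the filter function. */
    irp = IoBuildDeviceIoControlRequest(IOCTL_IP_SET_FIREWALL_HOOK,
                                        ipDeviceObject,
                                        (PVOID)&filterData,
                                        sizeof(IP_SET_FIREWALL_HOOK_INFO),
                                        NULL,
                                        0,
                                        FALSE,
                                        &event,
                                        &ioStatus);
    if (irp == NULL) {
        status = STATUS_INSUFFICIENT_RESOURCES;
        dprintf("FwHookDrv.sys: Error creating the IRP\n");
    } else {
        /* Send the IRP and wait for its completion. */
        status = IoCallDriver(ipDeviceObject, irp);
        if (status == STATUS_PENDING) {
            waitStatus = KeWaitForSingleObject(&event, Executive, KernelMode,
                                               FALSE, NULL);
            if (waitStatus != STATUS_SUCCESS) {
                dprintf("FwHookDrv.sys: Error waiting for Ip Driver.");
            }
            /*
             * Read the status block only after a pended request has
             * completed. When the lower driver fails the request
             * synchronously the I/O manager may leave the block unwritten,
             * so the value returned by IoCallDriver is the one to trust.
             */
            status = ioStatus.Status;
        }

        if (!NT_SUCCESS(status)) {
            dprintf("FwHookDrv.sys: E/S error with Ip Driver\n");
        }
    }

    /* Drop the reference taken by IoGetDeviceObjectPointer. */
    if (ipFileObject != NULL) {
        ObDereferenceObject(ipFileObject);
    }
    ipFileObject = NULL;
    ipDeviceObject = NULL;

    return status;
}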
地板#
发布于:2012-04-23 21:47
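/*
 * Firewall-hook callback: flattens the IPRcvBuf chain found at *pData into
 * one contiguous buffer and hands it to FilterPacket.
 *
 * pData                points to the head of the IPRcvBuf chain.
 * RecvInterfaceIndex   passed through to FilterPacket.
 * pSendInterfaceIndex  dereferenced and passed through when non-NULL, else 0.
 * pContext             cast to PFIREWALL_CONTEXT_T; its Direction field is
 *                      passed to FilterPacket when non-NULL, else 0.
 * pDestinationType, ContextLength, pRcvBuf are not used here.
 *
 * Returns FilterPacket's verdict, or FORWARD when the packet cannot be
 * examined (no buffer, allocation failure, lengths that do not add up).
 *
 * The packet bytes come from the network, so every length is checked before
 * it is used as an offset: the summed chain length must hold an IP header,
 * and the header length field must describe a header that fits inside the
 * packet. Without these checks a crafted header length makes the payload
 * pointer run past the allocation and the payload length go negative.
 *
 * NOTE(review): unparseable packets keep the original default of FORWARD,
 * i.e. the filter fails open. Confirm that is the intended policy.
 * NOTE(review): assumes IPHeader is the fixed 20-byte IPv4 header layout
 * with headerLength counted in 32-bit words -- verify against its
 * declaration.
 */
FORWARD_ACTION cbFilterFunction(VOID **pData,
                                UINT RecvInterfaceIndex,
                                UINT *pSendInterfaceIndex,
                                UCHAR *pDestinationType,
                                VOID *pContext,
                                UINT ContextLength,
                                struct IPRcvBuf **pRcvBuf)
{
    enum {
        MIN_IPV4_HEADER_BYTES = 20,      /* header length field of 5 words */
        MAX_FLAT_PACKET_BYTES = 0x7FFFFFFF /* length is later passed as int */
    };

    /* Default operation: accept all. */
    FORWARD_ACTION result = FORWARD;
    PFIREWALL_CONTEXT_T fwContext = (PFIREWALL_CONTEXT_T)pContext;
    struct IPRcvBuf *first;
    struct IPRcvBuf *seg;
    unsigned int totalSize = 0;
    unsigned int offset = 0;
    unsigned int headerBytes;
    char *packet;
    IPHeader *ipp;

    if (pData == NULL || *pData == NULL) {
        return result;
    }
    first = (struct IPRcvBuf *)*pData;

    /* Pass 1: total size of the packet, refusing a sum that would wrap. */
    for (seg = first; seg != NULL; seg = seg->ipr_next) {
        if (seg->ipr_size > (unsigned int)MAX_FLAT_PACKET_BYTES - totalSize) {
            return result;
        }
        totalSize += seg->ipr_size;
    }

    /* Too short to contain the header that is read below. */
    if (totalSize < sizeof(IPHeader)) {
        return result;
    }

    /* Reserve memory for the complete packet. */
    packet = (char *)ExAllocatePool(NonPagedPool, totalSize);
    if (packet == NULL) {
        dprintf("FwHookDrv.sys: Insufficient resources.\n");
        return result;
    }

    /* Pass 2: copy each segment, never writing past the allocation. */
    for (seg = first; seg != NULL; seg = seg->ipr_next) {
        if (seg->ipr_size > totalSize - offset) {
            goto done;
        }
        memcpy(packet + offset, seg->ipr_buffer, seg->ipr_size);
        offset += seg->ipr_size;
    }

    /*
     * The header length field is in 32-bit words:
     * length in bytes = headerLength * (32 bits / 8).
     */
    ipp = (IPHeader *)packet;
    headerBytes = (unsigned int)ipp->headerLength * 4;

    /* Call the filter only when the claimed header lies inside the packet. */
    if (headerBytes >= MIN_IPV4_HEADER_BYTES && headerBytes <= totalSize) {
        result = FilterPacket(packet,
                              packet + headerBytes,
                              (int)(totalSize - headerBytes),
                              (fwContext != NULL) ? fwContext->Direction : 0,
                              RecvInterfaceIndex,
                              (pSendInterfaceIndex != NULL) ? *pSendInterfaceIndex : 0);
    }

done:
    ExFreePool(packet);
    return result;
}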