daviswjk
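Views: 1602 · Replies: 5

BlackICE's personal firewall is installed as an IMD (intermediate driver); how does it avoid restarting the OS?

Original poster #
Posted: 2003-11-30 20:53
What technique does this use?

Thanks
Let everything go with the wind!
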
monkeyy
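Reply #1
Posted: 2003-12-01 12:53
Under Windows 2000, an IMD does not need a reboot in the first place!
I've heard that tigers eat people, so I have never thought of touching a tiger's backside. :( :(
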
ljjlovernet
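Reply #2
Posted: 2003-12-01 14:11
I don't think it reboots in the first place. Operating systems from 2k onward use a layer when implementing protocols, which exposes some interfaces downward; the NIC driver is also defined as a layer that exposes some interfaces upward. After installation the IMD directly replaces these interfaces, inserting itself between the protocol and the NIC and replacing both interfaces at once. I'm just guessing here. Please point out my mistakes...
I'm here to learn. I don't do the cleaning.
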
daviswjk
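Reply #3
Posted: 2003-12-02 09:52
Thanks to the poster above,

For firewall development, which is better for packet filtering: IMD or NDIS hook?

Can IMD + TDI filter be combined to write a firewall?
Let everything go with the wind!
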
daviswjk
Reply #4
Posted: 2003-12-02 10:06
Found this description of BlackICE:
BlackICE Defender has the equivalent of an intermediate driver. In
order to get widespread compatibility with VPN clients and other
networking stuff, the driver has morphed a bit, so it isn't a _strict_
intermediate driver. E.g. many VPNs use intermediate drivers, but you
can have only one in the stack on many Windows systems, so having both
at the same time gets tricky.

The upshot is that it isn't an official Microsoft Intermediate Driver,
but yet it is essentially a form of an intermediate driver, and sits at
the same place in the stack.

For those of you new to this, there are many places you can interfere
with network traffic. The stack on Windows looks something like:

winsock2.dll (analogous to libsock.so)
TDI
TCP/IP
intermediate drivers
NDIS
physical hardware

Older systems replaced the winsock API, but that interfered with a lot
of stuff. A lot of stuff these days taps into TDI as the best way of
being just one step below the application. Intermediate drivers are
just one step above the network. (Which means, for example, that TDI
gets reassembled packets, but intermediate drivers have to do their own
reassembly).

NDIS is the driver for the hardware. (As an offside, BlackICE Sentry,
the full NIDS version of the software, replaces NDIS and gets rid of
the entire stack above it for sniffing).

This is a simplification of the stack. There is actually a lot more
interesting stuff you can do to interfere with networking. For example,
Microsoft has a new firewalling API that taps directly into the TCP/IP
stack, but that only works on Win2k. WinXP has a bunch of new
firewalling stuff that I don't understand yet.

Let everything go with the wind!

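An added example, not part of the thread and not BlackICE's code: the description quoted in reply #4 says a filter at the intermediate-driver layer sees packets before reassembly, so only the first fragment of a TCP segment carries the ports. This C example remembers the first fragment's verdict and applies it to later fragments; the blocked port, the 16-entry table without timeouts, and the helper `filter_sample` with its constructed 192.0.2.x packets are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>

enum { PASS = 0, DROP = 1 };
/* Verdict kept per fragmented datagram, keyed as reassembly is: src, dst, IP id, protocol. */
struct fstate { uint32_t src, dst; uint16_t id; uint8_t proto, verdict, used; };
static struct fstate table[16];  /* assumption: small fixed table, no timeouts */

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) { return ((uint32_t)be16(p) << 16) | be16(p + 2); }

static struct fstate *find(uint32_t s, uint32_t d, uint16_t id, uint8_t pr, int create) {
    struct fstate *spare = NULL;
    for (int i = 0; i < 16; i++) {
        struct fstate *e = &table[i];
        if (e->used && e->src == s && e->dst == d && e->id == id && e->proto == pr) return e;
        if (!e->used && !spare) spare = e;
    }
    if (create && spare) { spare->src = s; spare->dst = d; spare->id = id; spare->proto = pr; spare->used = 1; }
    return create ? spare : NULL;
}

/* Verdict for one raw IPv4 packet (link header stripped, checksum not verified). */
int filter_ipv4(const uint8_t *pkt, size_t len, uint16_t blocked_port) {
    if (len < 20 || (pkt[0] >> 4) != 4) return DROP;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl) return DROP;
    if (pkt[9] != 6) return PASS;                     /* only TCP is filtered here */
    uint16_t ff = be16(pkt + 6), id = be16(pkt + 4);  /* flags+offset, identification */
    uint32_t s = be32(pkt + 12), d = be32(pkt + 16);
    if (ff & 0x1fff) {                /* later fragment: no TCP header in this packet */
        struct fstate *e = find(s, d, id, 6, 0);
        return e ? e->verdict : DROP; /* first fragment never seen: fail closed */
    }
    if (len < ihl + 4) return DROP;   /* first fragment too short to hold the ports */
    int verdict = be16(pkt + ihl + 2) == blocked_port ? DROP : PASS;
    if (ff & 0x2000) {                /* MF set: remember the verdict for the rest */
        struct fstate *e = find(s, d, id, 6, 1);
        if (!e) return DROP;          /* table full: fail closed */
        e->verdict = (uint8_t)verdict;
    }
    return verdict;
}

/* Builds a constructed 28-byte TCP packet 192.0.2.1 -> 192.0.2.2 and filters it. */
int filter_sample(uint16_t id, uint16_t ff, uint16_t dport, uint16_t blocked_port) {
    uint8_t b[28] = {0};
    b[0] = 0x45; b[3] = 28; b[4] = id >> 8; b[5] = id & 0xff; b[6] = ff >> 8; b[7] = ff & 0xff;
    b[8] = 64; b[9] = 6; b[12] = 192; b[14] = 2; b[15] = 1; b[16] = 192; b[18] = 2; b[19] = 2;
    if (!(ff & 0x1fff)) { b[22] = dport >> 8; b[23] = dport & 0xff; }
    return filter_ipv4(b, sizeof b, blocked_port);
}
```

A TDI-level filter would not need the table, since it sits above TCP/IP and receives reassembled data.
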
ljjlovernet
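Reply #5
Posted: 2003-12-02 12:53
Use an IMD; anything that is not tied to a process can be done with it: filtering, modifying packets.
I'm here to learn. I don't do the cleaning.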