请教关于Firewall-Hook Driver

楼主^#

更多发布于：2005-07-14 18:18

  用的现成的Firewall-Hook Driver代码。实现对发送数据和接受数据的加密，解密，加密解密都简单的通过异或。仅仅是对应用层的数据加密解密。
在小数据量的情况下程序没问题。一切运行正常。
但是在大数据量的情况下，比如用ftp服务，下载一个几M大小的文件时。
文件大小正常，但是文件中的部分数据是错误的。不知道怎么一会事。
初涉驱动希望大侠指点一二。

部分代码：
FORWARD_ACTION FilterPacket(unsigned char *PacketHeader,
   unsigned char *Packet,
   unsigned int PacketLength,
   DIRECTION_E direction,
   unsigned int RecvInterfaceIndex,
   unsigned int SendInterfaceIndex,
   struct IPRcvBuf* buffer)
{
   IPHeader *ipp;
   TCPHeader *tcph;
   UDPHeader *udph;
   ICMPHeader *icmph;

   int countRule = 0;

   int tcplen ;
   int datalen ;
   struct filterList *aux = first;

   BOOLEAN retTraffic;

   char* p;
   int i;
   int all;
   int t;

   // Extract Ip header.
   ipp=(IPHeader *)PacketHeader;


   if(ipp->protocol == IPPROTO_ICMP)
   {
   icmph = (ICMPHeader *) Packet;
   }

   if(ipp->protocol == IPPROTO_TCP)
   {
   tcph=(TCPHeader *)Packet;
   tcplen = tcph->offset*4; //计算tcp头部长度
   datalen = PacketLength-tcplen; //应用层数据长度
   p=Packet+tcplen; //第一个数据


   if ( datalen >0 )
   {
   all=(20+tcplen); //IP头长度＋tcp头长
   //跳过ip头和tcp头
   while(buffer != NULL && all>=0 )
   {
   t=all;
   all -= buffer->ipr_size;
   if ( all < 0 )
   {
   break;
   }
   buffer = buffer->ipr_next;
   }
   //这时t是当前bufer应用层数据在ipr_buffer偏移量。

   while(buffer != NULL)
   {
   while( t< ( buffer->ipr_size) )
   {
   // dprintf("%x",buffer->ipr_buffer[t]);
   (buffer->ipr_buffer[t])^=0x11; //对数据加密和解密
   t++;
   }
   t=0;
   buffer = buffer->ipr_next;
   }
   }

   }
   return FORWARD;
}

NTSTATUS SetFilterFunction(IPPacketFirewallPtr filterFunction, BOOLEAN load)
{
   NTSTATUS status = STATUS_SUCCESS, waitStatus=STATUS_SUCCESS;
   UNICODE_STRING filterName;
   PDEVICE_OBJECT ipDeviceObject=NULL;
   PFILE_OBJECT ipFileObject=NULL;

   IP_SET_FIREWALL_HOOK_INFO filterData;

   KEVENT event;
   IO_STATUS_BLOCK ioStatus;
   PIRP irp;

   // Get pointer to Ip device
   RtlInitUnicodeString(&filterName, DD_IP_DEVICE_NAME);
   status = IoGetDeviceObjectPointer(&filterName,STANDARD_RIGHTS_ALL, &ipFileObject, &ipDeviceObject);

   if(NT_SUCCESS(status))
   {
   // Init firewall hook structure
   filterData.FirewallPtr = filterFunction;
   filterData.Priority = 1;
   filterData.Add = load;

   KeInitializeEvent(&event, NotificationEvent, FALSE);

   // Build Irp to establish filter function
   irp = IoBuildDeviceIoControlRequest(IOCTL_IP_SET_FIREWALL_HOOK,
   ipDeviceObject,
   (PVOID) &filterData,
   sizeof(IP_SET_FIREWALL_HOOK_INFO),
   NULL,
   0,
   FALSE,
   &event,
   &ioStatus);

   if(irp != NULL)
   {
   // Send the Irp and wait for its completion
   status = IoCallDriver(ipDeviceObject, irp);


   if (status == STATUS_PENDING)
   {
   waitStatus = KeWaitForSingleObject(&event, Executive, KernelMode, FALSE, NULL);

   if (waitStatus != STATUS_SUCCESS )
   dprintf("FwHookDrv.sys: Error waiting for Ip Driver.");
   }

   status = ioStatus.Status;

   if(!NT_SUCCESS(status))
   dprintf("FwHookDrv.sys: E/S error with Ip Driver\n");
   }

   else
   {
   status = STATUS_INSUFFICIENT_RESOURCES;

   dprintf("FwHookDrv.sys: Error creating the IRP\n");
   }

   // Free resources
   if(ipFileObject != NULL)
   ObDereferenceObject(ipFileObject);

   ipFileObject = NULL;
   ipDeviceObject = NULL;
   }

   else
   dprintf("FwHookDrv.sys: Error getting pointer to Ip driver.\n");

   return status;
}

/*++

Description:

   Firewall Hook filter function.

Arguments:

--*/

FORWARD_ACTION cbFilterFunction(VOID **pData,
   UINT RecvInterfaceIndex,
   UINT *pSendInterfaceIndex,
   UCHAR *pDestinationType,
   VOID *pContext,
   UINT ContextLength,
   struct IPRcvBuf **pRcvBuf)
{

   FORWARD_ACTION result = FORWARD;
   char *packet = NULL;
   int bufferSize;
   struct IPRcvBuf *buffer =(struct IPRcvBuf *) *pData;
   PFIREWALL_CONTEXT_T fwContext = (PFIREWALL_CONTEXT_T)pContext;

   // First I get the size of the packet
   if(buffer != NULL)
   {
   bufferSize = buffer->ipr_size;

   while(buffer->ipr_next != NULL)
   {
   buffer = buffer->ipr_next;

   bufferSize += buffer->ipr_size;
   }

   // Reserve memory for the complete packet.
   packet = (char *) ExAllocatePool(NonPagedPool, bufferSize);
   if(packet != NULL)
   {
   IPHeader *ipp = (IPHeader *)packet;
   unsigned int offset = 0;

   buffer = (struct IPRcvBuf *) *pData;

   memcpy(packet, buffer->ipr_buffer, buffer->ipr_size);


   while(buffer->ipr_next != NULL)
   {
   offset += buffer->ipr_size;
   buffer = buffer->ipr_next;

   memcpy(packet + offset, buffer->ipr_buffer, buffer->ipr_size);
   }


   buffer = (struct IPRcvBuf *) *pData;
   // Call filter function
   // The header field untis is words (32bits)
   // lenght in bytes = ipp->headerLength * (32 bits/8)
   result = FilterPacket(packet,
   packet + (ipp->headerLength * 4),
   bufferSize - (ipp->headerLength * 4),
   (fwContext != NULL) ? fwContext->Direction: 0,
   RecvInterfaceIndex,
   ((pSendInterfaceIndex != NULL) ? *pSendInterfaceIndex : 0),
   buffer);

   }

   else
   dprintf("FwHookDrv.sys: Insufficient resources.\n");
   }

   if(packet != NULL)
   ExFreePool(packet);

   // Default operation: Accept all.
   return result;
}

附件名称/大小下载次数最后更新: Driver.rar (18KB) 99

喜欢0

发帖回复

« 返回列表

您需要登录后才可以回帖，登录或者注册

返回顶部

请教关于Firewall-Hook Driver

最新喜欢：