关于IP Filter Driver Hook的例子程序的加载问题?
我在这里下载了fracker的IP Filter Driver Hook的例子程序。
我用DriverStudio的Driver monitor加载它后,发现不能过滤 ICMP包,局域网的机子还能ping 过我. 请问这个例子程序应该怎么样安装? |
沙发#
发布于:2002-11-09 23:33
我的例子里面本来就没有过滤ICMP包,只是根据报文找到ICMP包,然后打出来一条信息而已。
板凳#
发布于:2002-11-12 17:49
原来如此
地板#
发布于:2002-11-12 22:21
我发现是无法加载它,显示
\"Set IpFilterDriver Hook failed\" 是不是操作系统的问题? 我的操作系统是window 2000 sever,DDK2000 以下是fracker的代码: /* * 作者: fracker * 联系:fracker@yeah.net * 时间:2002-9-6 16:05 * 声明: * 1. 本程序为开放源代码,对源代码的使用没有任何限制,但因为使用本代码所带来 * 的任何后果,作者不负任何责任。 * 2. 本程序中得不完善或者错误的地方,请指出并E-mail作者。 * 3。更多测试,更多bug. * */ #include \"ntddk.h\" #include \"ntddndis.h\" #include \"pfhook.h\" #include \"ifh.h\" /* * Hook函数,这个函数里面,我们过滤所有的ICMP包!! */ PF_FORWARD_ACTION IfHookProc( unsigned char *PacketHeader, unsigned char *Packet, unsigned int PacketLength, unsigned int RecvInterfaceIndex, unsigned int SendInterfaceIndex, IPAddr RecvLinkNextHop, IPAddr SendLinkNextHop ) { char * ptr; IPHeader * pHdr = ( IPHeader * )PacketHeader; ptr = &pHdr->iph_dest; DbgPrint( \"Destination is %d.%d.%d.%d\\n\", *ptr, *(ptr+1), *(ptr+2), *(ptr+3) ); if( pHdr->iph_protocol == IPPROTO_ICMP ) { /* 同样也可以拦截其他的包 */ DbgPrint( \"ICMP packet had been dropped !\\n\" ); return PF_DROP; //这是我加的. } return PF_PASS; } NTSTATUS SetIpFilterHook( PacketFilterExtensionPtr pHookProc ) { UNICODE_STRING IfName; PFILE_OBJECT pIfFileObject = NULL; PDEVICE_OBJECT pIfDeviceObject = NULL; PF_SET_EXTENSION_HOOK_INFO HookInfo; IO_STATUS_BLOCK IoStatusBlock; KEVENT Event; NTSTATUS Status; PIRP Irp; RtlInitUnicodeString( &IfName, DD_IPFLTRDRVR_DEVICE_NAME ); if( STATUS_SUCCESS == IoGetDeviceObjectPointer( &IfName, FILE_ALL_ACCESS, &pIfFileObject, &pIfDeviceObject ) ) { if( pIfDeviceObject != NULL ) { HookInfo.ExtensionPointer = pHookProc; KeInitializeEvent( &Event, NotificationEvent, TRUE ); Irp = IoBuildDeviceIoControlRequest( IOCTL_PF_SET_EXTENSION_POINTER, pIfDeviceObject, pHookProc?( ( PVOID )&HookInfo ) : NULL, sizeof( PF_SET_EXTENSION_HOOK_INFO ), NULL, 0, FALSE, &Event, &IoStatusBlock ); if( Irp ) { Status = IoCallDriver( pIfDeviceObject, Irp ); if( STATUS_PENDING == Status ) Status = KeWaitForSingleObject( &Event, Executive, KernelMode, FALSE, NULL ); return Status; } } } return STATUS_UNSUCCESSFUL; } NTSTATUS IfhDispatch( IN PDEVICE_OBJECT pDO, IN PIRP Irp ) 
{ Irp->IoStatus.Information = 0; Irp->IoStatus.Status = STATUS_SUCCESS; IoCompleteRequest( Irp, IO_NO_INCREMENT ); return STATUS_SUCCESS; } VOID IfhUnload( PDRIVER_OBJECT DriverObject ) { UNICODE_STRING SymbolName; PDEVICE_OBJECT pDeviceObject; PDEVICE_OBJECT pNextObject; if( DriverObject ) { SetIpFilterHook( NULL ); RtlInitUnicodeString( &SymbolName, DD_SYMBOL_NAME ); IoDeleteSymbolicLink( &SymbolName ); pDeviceObject = DriverObject->DeviceObject; while( pDeviceObject ) { pNextObject = pDeviceObject->NextDevice; IoDeleteDevice( pDeviceObject ); pDeviceObject = pNextObject; } } } NTSTATUS DriverEntry( PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath ) { UNICODE_STRING DeviceName; UNICODE_STRING SymbolName; PDEVICE_OBJECT pDeviceObject; int i; DbgPrint( \"IpFilterHook\\n\" ); for( i=0; i<IRP_MJ_MAXIMUM_FUNCTION; i++ ) DriverObject->MajorFunction = IfhDispatch; DriverObject->DriverUnload = IfhUnload; RtlInitUnicodeString( &DeviceName, DD_DEVICE_NAME ); IoCreateDevice( DriverObject, 0, &DeviceName, FILE_DEVICE_NULL, 0, FALSE, &pDeviceObject ); RtlInitUnicodeString( &SymbolName, DD_SYMBOL_NAME ); IoCreateSymbolicLink( &SymbolName, &DeviceName ); if( STATUS_SUCCESS == SetIpFilterHook( IfHookProc ) ) { DbgPrint( \"Set IpFilterDriver Hook success.\\n\" ); } else { DbgPrint( \"Set IpFilterDriver Hook failed.\\n\" ); } return STATUS_SUCCESS; } |
地下室#
发布于:2002-11-12 23:54
显然你的IpFilterDriver没有加载起来,你在dos提示符下,输入net start IpFilterDriver,然后再试试。
5楼#
发布于:2002-11-13 11:28
谢谢fracker.
6楼#
发布于:2002-11-27 20:07
怎么编译啊?????????
7楼#
发布于:2003-01-21 19:37
你DbgPrint出来的IP不对啊,是因为字节顺序问题么?
8楼#
发布于:2005-03-15 16:33
DD_IPFLTRDRVR_DEVICE_NAME 是怎样定义的? 是 \Device\Ip 吗?