/*
FwHookDrv.c
Author: Jes�s O.
Last Updated: 12/09/03
*/
#include <string.h>
#include <stdio.h>
#include <ntddk.h>
#include <ndis.h>
#include <ipFirewall.h>
#include "FwHookDrv.h"
#include "NetHeaders.h"
#if DBG
#define dprintf DbgPrint
#else
#define dprintf(x)
#endif
BOOLEAN loaded = FALSE;
#define NT_DEVICE_NAME L"\\Device\\FwHookDrv"
#define DOS_DEVICE_NAME L"\\DosDevices\\FwHookDrv"
// Structure to define the linked list of rules
struct filterList
{
IPFilter ipf;
struct filterList *next;
};
// Function declarations
NTSTATUS DrvDispatch(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp);
VOID DrvUnload(IN PDRIVER_OBJECT DriverObject);
NTSTATUS SetFilterFunction(IPPacketFirewallPtr filterFunction, BOOLEAN load);
NTSTATUS AddFilterToList(IPFilter *pf);
void ClearFilterList(void);
FORWARD_ACTION cbFilterFunction(VOID **pData,
UINT RecvInterfaceIndex,
UINT *pSendInterfaceIndex,
UCHAR *pDestinationType,
VOID *pContext,
UINT ContextLength,
struct IPRcvBuf **pRcvBuf);
FORWARD_ACTION FilterPacket(unsigned char *PacketHeader,
unsigned char *Packet,
unsigned int PacketLength,
DIRECTION_E direction,
unsigned int RecvInterfaceIndex,
unsigned int SendInterfaceIndex);
struct filterList *first = NULL;
struct filterList *last = NULL;
/*++
Description:
Entry point of the driver.
Arguments:
DriverObject - pointer to a driver object
RegistryPath - pointer to a unicode string that contain registry path.
Return:
STATUS_SUCCESS if success
STATUS_UNSUCCESSFUL If the function fails
--*/
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
{
PDEVICE_OBJECT deviceObject = NULL;
NTSTATUS ntStatus;
UNICODE_STRING deviceNameUnicodeString;
UNICODE_STRING deviceLinkUnicodeString;
dprintf("FwHookDrv.sys: Loading Driver....\n");
// Create the device
RtlInitUnicodeString(&deviceNameUnicodeString, NT_DEVICE_NAME);
ntStatus = IoCreateDevice(DriverObject,
0,
&deviceNameUnicodeString,
FILE_DEVICE_FWHOOKDRV,
0,
FALSE,
&deviceObject);
if ( NT_SUCCESS(ntStatus) )
{
// Create symbolic link
RtlInitUnicodeString(&deviceLinkUnicodeString, DOS_DEVICE_NAME);
ntStatus = IoCreateSymbolicLink(&deviceLinkUnicodeString, &deviceNameUnicodeString);
if ( !NT_SUCCESS(ntStatus) )
{
dprintf("FwHookDrv.sys: Error al crear el enlace simb�lico.\n");
}
// Define driver's control functions
DriverObject->MajorFunction[IRP_MJ_CREATE] =
DriverObject->MajorFunction[IRP_MJ_CLOSE] =
DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DrvDispatch;
DriverObject->DriverUnload = DrvUnload;
}
if ( !NT_SUCCESS(ntStatus) )
{
dprintf("Error Intitializing. Unloading driver...");
DrvUnload(DriverObject);
}
return ntStatus;
}
/*++
Description:
Process all IRPs the driver receive
Arguments:
DeviceObject - Pointer to device object
Irp - IRP
--*/
NTSTATUS DrvDispatch(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
{
PIO_STACK_LOCATION irpStack;
PVOID ioBuffer;
ULONG inputBufferLength;
ULONG outputBufferLength;
ULONG ioControlCode;
NTSTATUS ntStatus;
Irp->IoStatus.Status = STATUS_SUCCESS;
Irp->IoStatus.Information = 0;
// Get pointer to current stack location
irpStack = IoGetCurrentIrpStackLocation(Irp);
// Get pointer to buffer information
ioBuffer = Irp->AssociatedIrp.SystemBuffer;
inputBufferLength = irpStack->Parameters.DeviceIoControl.InputBufferLength;
outputBufferLength = irpStack->Parameters.DeviceIoControl.OutputBufferLength;
switch (irpStack->MajorFunction)
{
case IRP_MJ_CREATE:
dprintf("FwHookDrv.sys: IRP_MJ_CREATE\n");
break;
case IRP_MJ_CLOSE:
dprintf("FwHookDrv.sys: IRP_MJ_CLOSE\n");
break;
case IRP_MJ_DEVICE_CONTROL:
dprintf("DrvFltIp.SYS: IRP_MJ_DEVICE_CONTROL\n");
ioControlCode = irpStack->Parameters.DeviceIoControl.IoControlCode;
switch (ioControlCode)
{
// IOCTL to install filter function.
case START_IP_HOOK:
{
if(!loaded)
{
loaded = TRUE;
SetFilterFunction(cbFilterFunction, TRUE);
}
break;
}
// IOCTL to delete filter function.
case STOP_IP_HOOK:
{
if(loaded)
{
loaded = FALSE;
SetFilterFunction(cbFilterFunction, FALSE);
}
break;
}
// IOCTL to add filter rule.
case ADD_FILTER:
{
if(inputBufferLength == sizeof(IPFilter))
{
IPFilter *nf;
nf = (IPFilter *)ioBuffer;
AddFilterToList(nf);
}
break;
}
// IOCTL to delete filter rule.
case CLEAR_FILTER:
{
ClearFilterList();
break;
}
default:
Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
dprintf("FwHookDrv.sys: Unknown IOCTL.\n");
break;
}
break;
}
// We can't return Irp-IoStatus directly because after IoCompleteRequest
// we aren't the owners of the IRP.
ntStatus = Irp->IoStatus.Status;
IoCompleteRequest(Irp, IO_NO_INCREMENT);
return ntStatus;
}
/*++
Description:
Unload the driver. Free all resources.
Arguments:
DriverObject - Pointer to driver object.
--*/
VOID DrvUnload(IN PDRIVER_OBJECT DriverObject)
{
UNICODE_STRING deviceLinkUnicodeString;
dprintf("FwHookDrv.sys: Unloading driver...\n");
if(loaded)
{
loaded = FALSE;
SetFilterFunction(cbFilterFunction, FALSE);
}
// Free filter rules
ClearFilterList();
// Remove symbolic link
RtlInitUnicodeString(&deviceLinkUnicodeString, DOS_DEVICE_NAME);
IoDeleteSymbolicLink(&deviceLinkUnicodeString);
// Remove the device
IoDeleteDevice(DriverObject->DeviceObject);
}
/*++
Description:
Install/Uninstall the filter function
Arguments:
filterFunction - Pointer to the filter function.
load - If TRUE, the function is added. Else, the function will be removed.
Return:
STATUS_SUCCESS If success,
--*/
NTSTATUS SetFilterFunction(IPPacketFirewallPtr filterFunction, BOOLEAN load)
{
NTSTATUS status = STATUS_SUCCESS, waitStatus=STATUS_SUCCESS;
UNICODE_STRING filterName;
PDEVICE_OBJECT ipDeviceObject=NULL;
PFILE_OBJECT ipFileObject=NULL;
IP_SET_FIREWALL_HOOK_INFO filterData;
KEVENT event;
IO_STATUS_BLOCK ioStatus;
PIRP irp;
// Get pointer to Ip device
RtlInitUnicodeString(&filterName, DD_IP_DEVICE_NAME);
status = IoGetDeviceObjectPointer(&filterName,STANDARD_RIGHTS_ALL, &ipFileObject, &ipDeviceObject);
if(NT_SUCCESS(status))
{
// Init firewall hook structure
filterData.FirewallPtr = filterFunction;
filterData.Priority = 1;
filterData.Add = load;
KeInitializeEvent(&event, NotificationEvent, FALSE);
// Build Irp to establish filter function
irp = IoBuildDeviceIoControlRequest(IOCTL_IP_SET_FIREWALL_HOOK,
ipDeviceObject,
(PVOID) &filterData,
sizeof(IP_SET_FIREWALL_HOOK_INFO),
NULL,
0,
FALSE,
&event,
&ioStatus);
if(irp != NULL)
{
// Send the Irp and wait for its completion
status = IoCallDriver(ipDeviceObject, irp);
if (status == STATUS_PENDING)
{
waitStatus = KeWaitForSingleObject(&event, Ex
amd2600
- 粉丝: 2
- 资源: 24
最新资源
- 毕设和企业适用springboot全渠道电商平台类及图书管理系统源码+论文+视频.zip
- 毕设和企业适用springboot全渠道电商平台类及市场营销自动化平台源码+论文+视频.zip
- 毕设和企业适用springboot全渠道电商平台类及直播流媒体平台源码+论文+视频.zip
- 毕设和企业适用springboot人工智能类及资源调度平台源码+论文+视频.zip
- 毕设和企业适用springboot人力资源管理类及电商产品推荐平台源码+论文+视频.zip
- 毕设和企业适用springboot人力资源管理类及城市智能运营平台源码+论文+视频.zip
- 毕设和企业适用springboot社交互动平台类及个性化广告平台源码+论文+视频.zip
- 毕设和企业适用springboot社交电商类及自动化控制系统源码+论文+视频.zip
- 毕设和企业适用springboot社交互动平台类及餐饮管理平台源码+论文+视频.zip
- 毕设和企业适用springboot全渠道电商平台类及智能交通大数据平台源码+论文+视频.zip
- 毕设和企业适用springboot全渠道电商平台类及智能农业平台源码+论文+视频.zip
- 毕设和企业适用springboot人才招聘类及餐饮管理平台源码+论文+视频.zip
- 毕设和企业适用springboot人力资源管理类及环保监控平台源码+论文+视频.zip
- 毕设和企业适用springboot人力资源管理类及活动管理平台源码+论文+视频.zip
- 毕设和企业适用springboot人力资源管理类及健康管理平台源码+论文+视频.zip
- 毕设和企业适用springboot社交互动平台类及环境监控平台源码+论文+视频.zip
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈