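Resource description
A network firewall is software that sits between a computer and the network it connects to. All network traffic flowing into and out of the computer must pass through the firewall. The firewall scans the traffic passing through it, which lets it filter out some attacks before they are executed on the target computer. A firewall can also close unused ports. It can additionally block outbound traffic on specific ports to shut out Trojan horses. Finally, it can deny access from particular sites, thereby blocking all traffic from unknown intruders.
The text first discusses the common methods of network packet interception, including transport-layer filter drivers, NDIS intermediate drivers and Winsock 2 SPI. Then, using the Xfilter personal firewall as a worked example, it covers the entire software development process, from functional analysis, module design, file structure definition and interface design through coding, producing the help files and building the installation disk. The book therefore teaches a fairly comprehensive set of packet interception techniques and also offers an engineering approach that can be borrowed for building your own software.
Network firewall source code; anyone interested in firewalls can download it. This is the complete code set, and the package also includes web pages from the corresponding website.
Code snippet and file information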
///////////////////////////////////////////////////////////////////////
// Copyright (c) 2001-2002
// XStudio Technology All Right Reserved.
// Author: Tony Zhu
// 2001-7-16 Create
// summary:
//   This Program to demo the Intermediate TDI Driver.
//   This is main file. It include:
//     1. initialize function : DriverEntry
//     2. Unload function     : PacketUnload
//     3. Dispatch function   : PacketDispatch
///////////////////////////////////////////////////////////////////////
// The names of the three system headers were lost when this page was
// extracted. ntddk.h and tdikrnl.h are the WDK headers the code below needs
// (driver types and the TDI_* minor function codes).
#include <ntddk.h>
#include <tdikrnl.h>
#include "packet.h"

NTSTATUS
DriverEntry(
    IN PDRIVER_OBJECT  DriverObject,
    IN PUNICODE_STRING RegistryPath
)
{
    NTSTATUS status = 0;
    ULONG    i;

    DBGPRINT("DriverEntry Loading...\n");

    DriverObject->DriverUnload = PacketUnload;

    // Route every major function code through the single dispatch routine.
    for (i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++)
    {
        DriverObject->MajorFunction[i] = PacketDispatch;
    }

    // Attach the filter device on top of the TCP device.
    status = TCPFilter_Attach(DriverObject, RegistryPath);
    return status;
}

VOID
PacketUnload(
    IN PDRIVER_OBJECT DriverObject
)
{
    PDEVICE_OBJECT        DeviceObject;
    PDEVICE_OBJECT        OldDeviceObject;
    PTDIH_DeviceExtension pTDIH_DeviceExtension;

    DBGPRINT("DriverEntry unLoading...\n");

    DeviceObject = DriverObject->DeviceObject;
    while (DeviceObject != NULL)
    {
        OldDeviceObject = DeviceObject;
        // Advance before deleting: the device object must not be
        // dereferenced after it has been passed to IoDeleteDevice.
        DeviceObject = DeviceObject->NextDevice;

        pTDIH_DeviceExtension
            = (PTDIH_DeviceExtension)OldDeviceObject->DeviceExtension;
        if (pTDIH_DeviceExtension->NodeType
            == TDIH_NODE_TYPE_TCP_FILTER_DEVICE)
            TCPFilter_Detach(OldDeviceObject);   // Calls IoDeleteDevice
        else
            IoDeleteDevice(OldDeviceObject);
    }
}

NTSTATUS
PacketDispatch(
    IN PDEVICE_OBJECT DeviceObject,
    IN PIRP           Irp
)
{
    NTSTATUS              RC = STATUS_SUCCESS;
    PTDIH_DeviceExtension pTDIH_DeviceExtension;
    PIO_STACK_LOCATION    IrpStack;
    PIO_STACK_LOCATION    NextIrpStack;

    pTDIH_DeviceExtension
        = (PTDIH_DeviceExtension)(DeviceObject->DeviceExtension);
    IrpStack = IoGetCurrentIrpStackLocation(Irp);

    // Log which request is passing through the filter.
    switch (IrpStack->MajorFunction)
    {
    case IRP_MJ_CREATE:
        DBGPRINT("PacketDispatch(IRP_MJ_CREATE)...\n");
        break;
    case IRP_MJ_CLOSE:
        DBGPRINT("PacketDispatch(IRP_MJ_CLOSE)...\n");
        break;
    case IRP_MJ_CLEANUP:
        DBGPRINT("PacketDispatch(IRP_MJ_CLEANUP)...\n");
        break;
    case IRP_MJ_INTERNAL_DEVICE_CONTROL:
        // TDI requests arrive as internal device control IRPs; the
        // minor function code identifies the TDI operation.
        switch (IrpStack->MinorFunction)
        {
        case TDI_ACCEPT:
            DBGPRINT("PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL[TDI_ACCEPT])...\n");
            break;
        case TDI_ACTION:
            DBGPRINT("PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL[TDI_ACTION])...\n");
            break;
        case TDI_ASSOCIATE_ADDRESS:
            DBGPRINT("PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL[TDI_ASSOCIATE_ADDRESS])...\n");
            break;
        case TDI_DISASSOCIATE_ADDRESS:
            DBGPRINT("PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL[TDI_DISASSOCIATE_ADDRESS])...\n");
            break;
        case TDI_CON
 Attribute    Size  Date        Time   Name
 ---------  ------  ----------  -----  ----
 File          267  2001-07-10  15:27  Windows防火墻與網絡封包截獲技術源代碼\FilterTdiDriver\MAKEFILE
 File        10109  2002-01-08  19:46  Windows防火墻與網絡封包截獲技術源代碼\FilterTdiDriver\Packet.c
 File         3474  2002-01-08  19:46  Windows防火墻與網絡封包截獲技術源代碼\FilterTdiDriver\PACKET.H
 File           66  2006-08-28  18:19  Windows防火墻與網絡封包截獲技術源代碼\FilterTdiDriver\Setup\E書中國.htm
 File          940  2002-01-24  15:21  Windows防火墻與網絡封包截獲技術源代碼\FilterTdiDriver\Setup\FilterTdiDriver.reg
 File         6303  2001-12-28  01:28  Windows防火墻與網絡封包截獲技術源代碼\FilterTdiDriver\Setup\FilterTdiDriver.sys
 File        69352  2001-12-28  01:38  Windows防火墻與網絡封包截獲技術源代碼\FilterTdiDriver\Setup\SAMPLE.TXT
 File         2146  2006-08-28  18:19  Windows防火墻與網絡封包截獲技術源代碼\FilterTdiDriver\Setup\使用說明.txt
 File           63  2006-08-28  18:19  Windows防火墻與網絡封包截獲技術源代碼\FilterTdiDriver\Setup\教育中國.htm
 File           64  2006-08-28  18:19  Windows防火墻與網絡封包截獲技術源代碼\FilterTdiDriver\Setup\網志中國.htm
 File          202  2002-01-02  13:15  Windows防火墻與網絡封包截獲技術源代碼\FilterTdiDriver\Sources
 File         8371  2001-07-27  19:03  Windows防火墻與網絡封包截獲技術源代碼\GuiDesign\frmAcl.frm
 File         3270  2001-07-27  19:03  Windows防火墻與網絡封包截獲技術源代碼\GuiDesign\frmAcl.frx
 File        11769  2001-07-27  19:03  Windows防火墻與網絡封包截獲技術源代碼\GuiDesign\frmInfo.frm
 File         2236  2001-07-27  19:03  Windows防火墻與網絡封包截獲技術源代碼\GuiDesign\frmInfo.frx
 File        25946  2001-07-28  18:39  Windows防火墻與網絡封包截獲技術源代碼\GuiDesign\frmMain.frm
 File         9950  2001-07-28  18:39  Windows防火墻與網絡封包截獲技術源代碼\GuiDesign\frmMain.frx
 File          192  2001-07-27  15:24  Windows防火墻與網絡封包截獲技術源代碼\GuiDesign\MSSCCPRJ.SCC
 File        65536  2002-05-28  12:41  Windows防火墻與網絡封包截獲技術源代碼\GuiDesign\XFILTER.EXE
 File          959  2001-07-28  18:39  Windows防火墻與網絡封包截獲技術源代碼\GuiDesign\XFILTER.VBP
 File          156  2001-07-29  19:22  Windows防火墻與網絡封包截獲技術源代碼\GuiDesign\XFILTER.VBW
 File          267  2001-07-10  15:27  Windows防火墻與網絡封包截獲技術源代碼\MinDriver\MAKEFILE
 File         1008  2001-09-18  15:27  Windows防火墻與網絡封包截獲技術源代碼\MinDriver\MinDriver.c
 File         1005  2002-01-02  12:34  Windows防火墻與網絡封包截獲技術源代碼\MinDriver\MinDriver.h
 File          842  2002-01-23  11:04  Windows防火墻與網絡封包截獲技術源代碼\MinDriver\MinDriver.reg
 File         1603  2001-09-18  15:27  Windows防火墻與網絡封包截獲技術源代碼\MinDriver\MinDriver.sys
 File           81  2001-09-19  01:40  Windows防火墻與網絡封包截獲技術源代碼\MinDriver\Sources
 File          276  2002-01-26  15:15  Windows防火墻與網絡封包截獲技術源代碼\MinDriverInVc\Build.bat
 File           66  2006-08-28  18:19  Windows防火墻與網絡封包截獲技術源代碼\MinDriverInVc\MinDriver\E書中國.htm
 File          267  2001-07-10  15:27  Windows防火墻與網絡封包截獲技術源代碼\MinDriverInVc\MinDriver\MAKEFILE
............ (357 more file entries omitted here)