Windows筛选平台代码帮助 [英] Help with Windows Filtering platform code

问题描述

我编写了一个代码来阻止使用MSDN代码和一些粘合代码的应用程序，以使代码运行.但这不会阻止该应用程序.该过滤器的地址为FWPM_LAYER_ALE_AUTH_CONNECT_V4层.

但这不会阻止应用程序.

如何使用WFP阻止应用程序使用Internet(例如禁用Messenger)...

这是代码..

I wrote a code to block an application used the MSDN code along with some glue code to get the code running. But it does not block the application. The filter is addressed at FWPM_LAYER_ALE_AUTH_CONNECT_V4 layer.

But it does not block the application.

How do i block an application from using internet using WFP (like disabling messengers) ...

This is the code ..

#include "windows.h"
#include "winioctl.h"
#include "strsafe.h"

#ifndef _CTYPE_DISABLE_MACROS
#define _CTYPE_DISABLE_MACROS
#endif

#include "fwpmu.h"

#include "winsock2.h"
#include "ws2def.h"

#include <conio.h>
#include <stdio.h>



#define INITGUID
#include <guiddef.h>



static const GUID WFPSAMPLER_PROVIDER = 
{
 /* 53504657-6D61-5F70-5072-6F7669646572 */
 0x53504657,
 0x6D61,
 0x5F70,
 {0x50, 0x72, 0x6F, 0x76, 0x69, 0x64, 0x65, 0x72}
};

/*
 FWPM_SUBLAYER Key
**/

static const GUID WFPSAMPLER_SUBLAYER = 
{
 /* 53504657-6D61-5F70-5375-624C61796572 */
 0x53504657,
 0x6D61,
 0x5F70,
 {0x53, 0x75, 0x62, 0x4C, 0x61, 0x79, 0x65, 0x72}
};





#define FILE_PATH L"%ProgramFiles%\\Windows Live\\Messenger\\msnmsgr.exe"

	FWP_BYTE_BLOB *fwpApplicationByteBlob;
  FWPM_FILTER0 fwpFilter;
  FWPM_FILTER_CONDITION0 fwpConditions[4];
  int conCount = 0;
  DWORD result = ERROR_SUCCESS; 
	FWPM_SESSION session;
	HANDLE engineHanle;
	FWPM_PROVIDER provider;
	FWPM_SUBLAYER sublayer;


void
RemoveFilter()
{
	printf("Unloading Driver");
	FwpmFilterDeleteById0(engineHanle, fwpFilter.filterId);
	
	 FwpmEngineClose0(engineHanle);
	 engineHanle=0;

	return;
}


void FilterByApp()
     
{
	
	 session.displayData.name=L"My Session";
	 session.flags=FWPM_SESSION_FLAG_DYNAMIC;

	 provider.displayData.name=L"My Provider";
	 provider.providerKey=WFPSAMPLER_PROVIDER;
	 
	sublayer.displayData.name=L"My Sublayer";
	sublayer.subLayerKey=WFPSAMPLER_SUBLAYER;
	sublayer.providerKey=(GUID *)&WFPSAMPLER_PROVIDER;

  fwpApplicationByteBlob = 0;//(FWP_BYTE_BLOB*) malloc(sizeof(FWP_BYTE_BLOB));
  
  printf("Retrieving application identifier for filter testing.\n"); 
  result = FwpmGetAppIdFromFileName0(FILE_PATH, &fwpApplicationByteBlob);
	
  if (result != ERROR_SUCCESS)
  {
    printf("FwpmGetAppIdFromFileName failed (%d).\n", result);
    return;
  }

	 // Application identifier filter condition.
	 fwpConditions[conCount].fieldKey = FWPM_CONDITION_ALE_APP_ID;
	 fwpConditions[conCount].matchType = FWP_MATCH_EQUAL;
	 fwpConditions[conCount].conditionValue.type = FWP_BYTE_BLOB_TYPE;
	 fwpConditions[conCount].conditionValue.byteBlob = fwpApplicationByteBlob;
			
	 ++conCount;

	 // TCP protocol filter condition
	 fwpConditions[conCount].fieldKey = FWPM_CONDITION_IP_PROTOCOL;
	 fwpConditions[conCount].matchType = FWP_MATCH_EQUAL;
	 fwpConditions[conCount].conditionValue.type = FWP_UINT8;
	 fwpConditions[conCount].conditionValue.uint8 = IPPROTO_TCP;

	 ++conCount;

	 // Add conditions and condition count to a filter.
	 memset(&fwpFilter, 0, sizeof(FWPM_FILTER0));
	 	 
	 FwpmEngineOpen(0,
       RPC_C_AUTHN_WINNT,
       0,
       &session,
			 &engineHanle);
	 
	 
	fwpFilter.layerKey=FWPM_LAYER_ALE_AUTH_CONNECT_V4 ;
	fwpFilter.subLayerKey=sublayer.subLayerKey;
	 fwpFilter.numFilterConditions = conCount;
	 fwpFilter.action.type= FWP_ACTION_BLOCK;
	 fwpFilter.filterCondition = fwpConditions;

	 FwpmTransactionBegin(engineHanle,0);

	 FwpmProviderAdd(engineHanle,&provider,0);
	 FwpmSubLayerAdd(engineHanle,&sublayer,0);
	 FwpmFilterAdd(engineHanle,&fwpFilter,0,&(fwpFilter.filterId));


	 FwpmTransactionCommit(engineHanle);

  return;
}



DWORD
MonitorAppProcessArguments(__in int argc, __in_ecount(argc) PCSTR argv[])
{
  DWORD result = ERROR_NOT_FOUND;

  /*if (argc != 2)
  {
   return ERROR_TOO_MANY_CMDS;
  }*/
  if (_stricmp(argv[1], "addfilter") == 0)
  {
   FilterByApp();
  }
  else if (_stricmp(argv[1], "delfilter") == 0)
  {
   RemoveFilter();
  }
  else
  {
		printf("ERROR IN ARGUMENTS");
  }
  
  
  return result;
}


void __cdecl main(__in int argc, __in_ecount(argc) PCSTR argv[])
{
	   MonitorAppProcessArguments(argc, argv);
	 
  return;
}

请帮助我...

谢谢.........

Please help me .....

Thanks .........

推荐答案

我对此很陌生，刚刚阅读完MSDN文档，您的规则是动态的，这意味着当您处理结束时，添加的规则将被删除.如果您在锁定的环境中执行此操作，则可以创建一个服务，该服务在启动时添加所需的规则，在停止时将其删除(您甚至不必根据示例进行任何清理或删除)我从MS看到的代码)，只要用户没有启动和停止服务的权限...或者您可以使用其他类型的规则，但是如果需要，您将必须创建代码来撤消更改，我认为.

I''m new to this and just got done reading the MSDN documentation, and your rule is dynamic which means that when you process ends the rules that you added are removed. If you are doing this in a locked down environment you could create a service that when started adds the rules you want and when it is stopped they will be removed (you don''t even have to do any cleanup or removal according to the sample code i saw from MS) as long as users don''t have permission to start and stop services...or you can use the other type of rules but then you will have to create code to undo your change if needed i would think.

这篇关于Windows筛选平台代码帮助的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！