How to implement a packet searching firewall


Problem description


I need to create a program that monitors incoming packets to a certain process. Each incoming packet needs to be searched for a string of hex (e.g. FF 00 00 03) and modified to be null (e.g. 00 00 00 00). Or, if it's easier, to just completely block the packet from coming through.
I currently have a console app that monitors packets from the whole machine, in and out. But, I can't figure out how to read the whole packet; it's just reading the header info, any ideas? I'm using WinPcap to do this at the moment. I don't know if WinPcap can modify packets or search them though, I've only seen it used to filter packets by IP or protocol, not by the actual content itself. Does anyone know how to do this? If you need my source code please tell and I'll post it.
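An added example, not code from the question or either answer, illustrating the "only header info" symptom: a pcap callback hands you the whole Ethernet frame up to `caplen` bytes, and `caplen` is bounded by the snaplen passed to `pcap_open_live`, so a small snaplen delivers headers only. The code below walks an Ethernet/IPv4/TCP frame (assumed layout, constructed sample bytes, no real capture) to the TCP payload using the IHL and TCP data-offset fields, then searches it for a byte signature; the same function returns -1 when the capture was cut short before the payload.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Locate the TCP payload inside an Ethernet/IPv4/TCP frame as handed to a pcap
 * callback (caplen = bytes actually captured, bounded by the snaplen). Returns
 * the payload length, or -1 if not IPv4/TCP or truncated before the payload. */
int tcp_payload(const uint8_t *frame, size_t caplen, const uint8_t **payload)
{
    if (caplen < 14 + 20 || frame[12] != 0x08 || frame[13] != 0x00) return -1;
    const uint8_t *ip = frame + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;                 /* IPv4 header length */
    size_t total = ((size_t)ip[2] << 8) | ip[3];             /* IPv4 total length */
    if ((ip[0] >> 4) != 4 || ihl < 20 || total < ihl + 20) return -1;
    if (ip[9] != 6 || 14 + total > caplen) return -1;        /* 6 = TCP; truncated */
    const uint8_t *tcp = ip + ihl;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;                /* TCP header length */
    if (doff < 20 || total - ihl < doff) return -1;
    *payload = tcp + doff;
    return (int)(total - ihl - doff);
}

/* Plain byte-sequence search; returns the match offset within buf or -1. */
int find_pattern(const uint8_t *buf, size_t len, const uint8_t *pat, size_t plen)
{
    for (size_t i = 0; plen > 0 && i + plen <= len; i++)
        if (memcmp(buf + i, pat, plen) == 0) return (int)i;
    return -1;
}

/* Constructed 62-byte frame (not a real capture): Ethernet + IPv4 + TCP headers
 * followed by an 8-byte payload carrying FF 00 00 03 at payload offset 2. */
static const uint8_t sample_frame[] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00,
    0x45,0x00,0x00,0x30, 0x00,0x00,0x40,0x00, 0x40,0x06,0x00,0x00,
    0x0a,0x00,0x00,0x01, 0x0a,0x00,0x00,0x02,
    0x04,0xd2,0x00,0x50, 0,0,0,0, 0,0,0,0, 0x50,0x18,0x20,0x00, 0,0,0,0,
    0x01,0x02,0xff,0x00,0x00,0x03,0x04,0x05
};
static const uint8_t signature[] = { 0xff, 0x00, 0x00, 0x03 };

/* Scan the sample frame as if captured with caplen bytes (caplen <= 62); returns
 * the signature offset within the payload, or -1 when absent or unreachable. */
int scan_sample(size_t caplen)
{
    const uint8_t *payload;
    int len = tcp_payload(sample_frame, caplen, &payload);
    if (len < 0) return -1;
    return find_pattern(payload, (size_t)len, signature, sizeof signature);
}
```

With the full 62-byte capture the signature is found at payload offset 2; with a 54-byte capture (headers only) the scan reports -1 rather than silently searching header bytes.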

Recommended answer

I used Microsoft Detours to hook the send/recv functions of a process and run all data through my application before sending through the target process.


I suggest writing your own driver since, if I am not mistaken, WinPcap is not capable of modifying packets. (You can read the contents of the packet, though; check the WinPcap documentation or one of the open source projects that use WinPcap.)

If you take my suggestion and attempt to write a driver, the first thing you should do is get a hold of the latest WDK (Windows driver development kit; I am assuming you're targeting the NT platform). You will probably need to write an NDIS protocol driver combined with an NDIS intermediate driver.


Good Luck!!

D, Kurt.

