Windows Firewall Programming


Question


I googled many times till I created this question, so please excuse me if there are some tutorials out there. I didn't find them. How can I code a firewall application in Windows? I thought about a usermode firewall using inline hooks in every process, but there is the problem that I can't hook csrss.exe (which creates the new processes) in Windows 7. The second thing is that it's not very clean and will be detected as malware for sure. So I think that I should hook the APIs in kernel mode as a driver. But there are 3 problems.


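  • First, I don't know the kernel APIs for Windows sockets.

  • Second, I don't have any experience with kernel-mode hooking.

  • Third, I don't know whether this is the right way.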


Don't worry, I know that it's not easy and I'm not a beginner with just an idea ;). If anyone has got good information please share it. Oh and I want to write for x86 systems ;).

Recommended answer

You need the Windows Filtering Platform (WFP).



With the WFP API, developers can implement firewalls, intrusion detection systems, antivirus programs, network monitoring tools, and parental controls. WFP integrates with and provides support for firewall features such as authenticated communication and dynamic firewall configuration based on applications' use of sockets API (application-based policy). WFP also provides infrastructure for IPsec policy management, change notifications, network diagnostics, and stateful filtering.
