是否可以使用 LSP/SPI 拦截 dns 查询? [英] Is it possible to intercept dns queries using LSP/SPI?
问题描述
我编写了自己的 LSP,运行良好.但是,我无法捕获 dns 查询.例如,没有像 WSPGetHostByName 或 WSPGetAddrInfo 这样的函数.
I wrote my own LSP which is working fine. However, I can not catch dns queries. For example there is no function like WSPGetHostByName or WSPGetAddrInfo.
我的 lsp 也支持 UDP 协议,但它不工作.如果我从控制台 (cmd.exe) 运行 nslookup,它似乎可以工作,但我无法捕获 gethostbyname.有谁知道这是怎么做到的吗?我不认为编写 NSP(名称服务提供商)是一种解决方案.但我可能错了.
My lsp also supports UDP protocol but it is not working. If I run nslookup from console (cmd.exe) it seems working but i can not catch gethostbyname. Does anyone know how to do that? I don't think writing NSP (Name Service Provider) is a solution. But I might be wrong.
谢谢
推荐答案
我们开发了一个可以拦截"DNS 查询的 LSP.唯一的方法是挂钩所有 DNS 功能,请记住,您需要解决一些挑战:
We have developed a LSP that can "intercept" DNS queries. The only way to do it is by hooking into all of the DNS functions, keep in mind there are a few challenges you need to solve:
- 您需要使用一个支持 32 位和 64 位代码的良好挂钩库.
- 库许可必须适合您的应用程序,有一些免费库,但只能在免费项目中自由使用.
- 当您挂钩函数时,您需要确保不要修改某些不是基于 IP 的值,并将查询推迟到真正的函数中.
拦截 UDP 将不起作用,因为查询是从 MS DNS 客户端发出的,因此除非您编写低级驱动程序,例如:TDI、NDIS 或 WFP,否则您必须挂钩函数(或编写 NSP).NSLookup 对您有用,因为它自己创建 DNS 查询.
Intercepting UDP will not work since the queries are going out from MS DNS client, so unless you write a low level driver like: TDI, NDIS or WFP you must hook the functions (or write a NSP). NSLookup works for you because it creates the DNS queries itself.
这篇关于是否可以使用 LSP/SPI 拦截 dns 查询?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
