使得它可以拦截在Windows网络通信程序 [英] Making a program that intercepts network traffic in Windows

问题描述

排序要问我什么是如何使Windows中的软件防火墙，但事情没有这么复杂。我很惊讶，我能找到那么一点寻找这个时候，只有挂钩偶尔提及。因此，它一定会觉得很AP preciated，如果有人能在正确的方向指向我。

Sort of what I'm asking is "how to make a software firewall for Windows," but something not so complex. I'm surprised I can find so little when searching for this, only the occasional mention of hooks. So it'd be much appreciated if someone could point me in the right direction.

我希望做这个用C（不过，如果有你认为会更好地工作，另一种语言，我所有的耳朵）。我要作出这样的手表网络通信的应用程序，可以提取IP地址（源传入，目的地传出），并阻止说网络活动。

I expect to do this with C (though if there's another language you think would work better, I'm all ears). I want to make an application that watches network traffic, can extract the IP address (source for incoming, destination for outgoing), and can block said network activity.

这似乎喜欢的事，会更容易在内核中做的，但我不希望被在那里摆弄周围，也没有我甚至有机会做到这一点在Windows反正。我不担心效率，我也不是想制造一个个人防火墙。这仅仅是对IP地址的一个实验。

This seems like something that would be much easier to do in the kernel, but I don't want to be mucking around in there, nor do I even have access to do that in Windows anyway. I'm not worried about efficiency, nor am I looking to make a personal firewall. This is just for an experiment regarding IP addresses.

任何指针？

注意：我能够阻止网络特定的网络活动，而不仅仅是监视它是很重要的

推荐答案

的DIY方法是要在内核模式下，使用的过滤钩子驱动（对于Windows 2000，XP）或 WFP标注驱动程序。

The DIY way would be going in kernel mode, using filter-hook drivers (for Windows 2000-XP) or WFP Callout Drivers.

如果你不想让别人做内核模式下， WinPcap的驱动器/库体育肮脏的工作许多低级别的网络功能，包括那些你需要，可以从用户模式下使用（请注意，您使用WinPcap不能丢弃数据包）。

If you want to let others do the dirty work in kernel-mode, the WinPcap driver/library sports lots of low-level network features, including the ones you need, that you can use from user-mode (notice that using WinPcap you can't drop packets).

这篇关于使得它可以拦截在Windows网络通信程序的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！