Is it possible to intercept DNS queries using LSP/SPI?


Problem description

I wrote my own LSP, which is working fine. However, I cannot catch DNS queries. For example, there is no function like WSPGetHostByName or WSPGetAddrInfo.

My LSP also supports the UDP protocol, but it is not working. If I run nslookup from the console (cmd.exe) it seems to work, but I cannot catch gethostbyname. Does anyone know how to do that? I don't think writing an NSP (Name Service Provider) is a solution. But I might be wrong.

Thanks

Solution

We have developed an LSP that can "intercept" DNS queries. The only way to do it is by hooking into all of the DNS functions. Keep in mind there are a few challenges you need to solve:

  1. You need to use a good hooking library that will support both 32-bit and 64-bit code.
  2. The library license must be right for your application; there are some free libraries, but they can be used freely only with free projects.
  3. When you hook the functions, you need to make sure not to modify certain values that are not IP based and defer the query to the real function.

Intercepting UDP will not work since the queries are going out from the MS DNS client, so unless you write a low-level driver such as TDI, NDIS or WFP, you must hook the functions (or write an NSP). NSLookup works for you because it creates the DNS queries itself.
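
The pass-through pattern from point 3 of the answer, as an added example that is not code from the original post: a replacement for `getaddrinfo` that records the queried name, defers to the real function, and only reads the IP-based results. The names `hooked_getaddrinfo`, `real_getaddrinfo`, `last_query`, `ip_results` and `resolve_numeric` are hypothetical, and installing the hook itself is assumed to be done by whichever hooking library you choose.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* expose getaddrinfo under strict -std= modes */
#endif
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <winsock2.h>
#include <ws2tcpip.h>
#define HOOKAPI WSAAPI            /* Winsock exports use this calling convention */
#else
#include <sys/socket.h>
#include <netdb.h>
#define HOOKAPI
#endif

typedef int (HOOKAPI *getaddrinfo_fn)(const char *, const char *,
                                      const struct addrinfo *, struct addrinfo **);
/* Hypothetical slot: a hooking library would store the original entry point here. */
static getaddrinfo_fn real_getaddrinfo = getaddrinfo;
static char last_query[256];      /* last host name an application asked for */
static unsigned ip_results;       /* IP-based answers seen for that query */

/* Replacement the hook would point callers at: observe, then defer. */
int HOOKAPI hooked_getaddrinfo(const char *node, const char *service,
                               const struct addrinfo *hints, struct addrinfo **res)
{
    snprintf(last_query, sizeof last_query, "%s", node ? node : "(null)");
    int rc = real_getaddrinfo(node, service, hints, res);  /* real resolver decides */
    ip_results = 0;
    if (rc != 0)
        return rc;                /* pass errors through; *res is not valid here */
    for (const struct addrinfo *ai = *res; ai != NULL; ai = ai->ai_next)
        if (ai->ai_family == AF_INET || ai->ai_family == AF_INET6)
            ip_results++;         /* read only; non-IP entries stay untouched */
    return rc;
}

/* Constructed offline input: numeric lookups never reach a DNS server.
   On Windows, call WSAStartup before using this. */
int resolve_numeric(const char *text)
{
    struct addrinfo hints, *res = NULL;
    memset(&hints, 0, sizeof hints);
    hints.ai_flags = AI_NUMERICHOST;
    hints.ai_socktype = SOCK_STREAM;
    int rc = hooked_getaddrinfo(text, NULL, &hints, &res);
    if (rc == 0)
        freeaddrinfo(res);
    return rc;
}
```

The same wrapper shape applies to each resolver entry point you hook (for example `gethostbyname`), since the caller's arguments and the result list are handed back unchanged.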
