1 SmatrixIPDiv.cpp file
2 protocol.h header file
3 SmatrixIPDiv.h header file

/*
 * Copyright (c) 2012 安全矩阵 (Security Matrix)
 * All rights reserved.
 *
 * File name:       SmatrixIPDiv.cpp
 * File identifier: S
 * Summary:         IP filter driver; uses ipfirewall to capture, analyse and filter packets
 * Start date:      2012.12.26
 * Completion date: 2013.1.2
 */
extern "C"
{
    // Eight system #include directives appear here in the original listing;
    // their header names are missing from this copy. <ntddk.h> is required
    // by the kernel routines used below.
    #include <ntddk.h>
}
#include "SmatrixIPDiv.h"
#include "protocol.h"

///////////////////////// Declarations of custom functions /////////////////////////

// Driver close/open dispatch function
NTSTATUS DispatchCreateClose(PDEVICE_OBJECT pDevObj, PIRP pIrp);
// Driver unload function
void DriverUnload(PDRIVER_OBJECT pDriverObj);
// I/O control dispatch function (kernel message handling)
NTSTATUS DispatchIoctl(PDEVICE_OBJECT pDevObj, PIRP pIrp);
// Add a filter rule to the filter list
NTSTATUS AddFilterToList(CIPFilter* pFilter);
// Clear the filter list
void ClearFilterList();
// Register the hook callback function
NTSTATUS SetFilterFunction(IPPacketFirewallPtr filterFunction, BOOLEAN load);
// Packet filter function
FORWARD_ACTION FilterPacket(unsigned char* PacketHeader,
                            unsigned char* Packet,
                            unsigned int PacketLength,
                            DIRECTION_E direction,
                            unsigned int RecvInterfaceIndex,
                            unsigned int SendInterfaceIndex);
// IP filter function
FORWARD_ACTION IPFilterFunction(VOID** pData,
                                UINT RecvInterfaceIndex,
                                UINT* pSendInterfaceIndex,
                                UCHAR* pDestinationType,
                                VOID* pContext,
                                UINT ContextLength,
                                struct IPRcvBuf** pRcvBuf);

// Head of the filter list
struct CFilterList* g_pHeader = NULL;

// Internal device name and symbolic link name of the driver
#define DEVICE_NAME L"\\Device\\DevSMFltIP"
#define LINK_NAME   L"\\DosDevices\\DrvSMFltIp"

// Driver entry function
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObj, PUNICODE_STRING pRegistryString)
{
    NTSTATUS status = STATUS_SUCCESS;

    // Initialise the dispatch routines
    pDriverObj->MajorFunction[IRP_MJ_CREATE] = DispatchCreateClose;
    pDriverObj->MajorFunction[IRP_MJ_CLOSE] = DispatchCreateClose;
    pDriverObj->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DispatchIoctl;
    pDriverObj->DriverUnload = DriverUnload;

    // Create and initialise the device object
    // Device name
    UNICODE_STRING ustrDevName;
    RtlInitUnicodeString(&ustrDevName, DEVICE_NAME);

    // Create the device object
    PDEVICE_OBJECT pDevObj;
    status = IoCreateDevice(pDriverObj,
                            0,
                            &ustrDevName,
                            FILE_DEVICE_DRVFLTIP,
                            0,
                            FALSE,
                            &pDevObj);
    if (!NT_SUCCESS(status))
    {
        return status;
    }

    // Create the symbolic link name
    // Symbolic link name
    UNICODE_STRING ustrLinkName;
    RtlInitUnicodeString(&ustrLinkName, LINK_NAME);

    // Associate the symbolic link with the device name
    status = IoCreateSymbolicLink(&ustrLinkName, &ustrDevName);
    if (!NT_SUCCESS(status))
    {
        IoDeleteDevice(pDevObj);
        return status;
    }

    return STATUS_SUCCESS;
}

void DriverUnload(PDRIVER_OBJECT pDriverObj)
{
    // Unregister the filter function
    SetFilterFunction(IPFilterFunction, FALSE);

    // Release all resources
    ClearFilterList();

    // Delete the symbolic link name
    UNICODE_STRING strLink;
    RtlInitUnicodeString(&strLink, LINK_NAME);
    IoDeleteSymbolicLink(&strLink);

    // Delete the device object
    IoDeleteDevice(pDriverObj->DeviceObject);
}

// Handles the IRP_MJ_CREATE and IRP_MJ_CLOSE function codes
NTSTATUS DispatchCreateClose(PDEVICE_OBJECT pDevObj, PIRP pIrp)
{
    pIrp->IoStatus.Status = STATUS_SUCCESS;
    // pIrp->IoStatus.Information = 0;

    // Complete this request
    IoCompleteRequest(pIrp, IO_NO_INCREMENT);
    return STATUS_SUCCESS;
}

// I/O control dispatch routine
NTSTATUS DispatchIoctl(PDEVICE_OBJECT pDevObj, PIRP pIrp)
{
    NTSTATUS status = STATUS_SUCCESS;

    // Get the I/O stack location for this IRP (pIrp)
    PIO_STACK_LOCATION pIrpStack = IoGetCurrentIrpStackLocation(pIrp);

    // Get the I/O control code
    ULONG uIoControlCode = pIrpStack->Parameters.DeviceIoControl.IoControlCode;

    // Get the I/O buffer pointer and its length
    PVOID pIoBuffer = pIrp->AssociatedIrp.SystemBuffer;
    ULONG uInSize = pIrpStack->Parameters.DeviceIoControl.InputBufferLength;

    // Respond to the user's