开通博客赚积分
发布资源赚积分
分类

源码开发语言/平台
当前位置:首页 > 源码/资料 > Internet/网络编程 > 防火墙与安全工具 > 查看源码
myfun.cpp
资源名称:FireWallSys.rar [点击查看]
上传用户:yitai_qhd
上传日期:2008-04-24
资源大小:31k
文件大小:12k
源码类别:

防火墙与安全工具

开发平台:

Visual C++

myfun.cpp:源码内容
  1. #include "myfun.h"
  2. #include "fun.h"
  3. #include "hook.h"
  4. #include "packet.h"
  5. #include "check.h"
  6. #include "memory.h"
  7. #include "windef.h"
  8. #include "stdio.h"
  10. #pragma comment(lib,"ntoskrnl.lib")
  11. #pragma comment(lib,"wdm.lib")
  12. #pragma comment(lib,"libcntpr.lib")
  14. NDISSEND m_pNdisSend = NULL;
  15. NDISREGISTERPROTOCOL m_pNdisRegisterProtocol = NULL;
  16. OPENADAPTERCOMPLETE m_pOpenAdapterComplete = NULL;
  17. NDISOPENADAPTER m_pNdisOpenAdapter = NULL;
  18. NDIS_HANDLE m_TcpipHandle;
  19. RECEIVE m_pNdisReceive = NULL;
  20. SENDPACKET m_pSendHandler = NULL;
  21. WANSENDPACKETS m_pWanSendPackets = NULL;
  22. NDIS_HANDLE m_TcpIpWanHandle = NULL;
  24. VOID NDIS_API
  25. MY_NdisSend(
  26.     PNDIS_STATUS Status,
  27.     NDIS_HANDLE NdisBindingHandle,
  28.     PNDIS_PACKET Packet
  29. )
  30. {
  31.     dprintf(("MY_NdisSendn"));
  32.     m_pNdisSend(Status, NdisBindingHandle, Packet);
  33. }
  35. VOID NDIS_API
  36. MY_NdisRegisterProtocol(
  37.     OUT PNDIS_STATUS Status,
  38.     OUT PNDIS_HANDLE NdisProtocolHandle,
  39.     IN PNDIS_PROTOCOL_CHARACTERISTICS ProtocolCharacteristics,
  40.     IN UINT CharacteristicsLength
  41. )
  42. {
  43.     BOOLEAN bHookedTcp = FALSE;
  44.     UNICODE_STRING usTcpName = UNICODE_STRING_CONST("TCPIP");
  46.     dprintf(("MY_NdisRegisterProtocoln"));
  48.     if(m_pNdisRegisterProtocol == NULL)
  49.         return;
  51.     //
  52.     // 判断是否是TCP/IP协议
  53.     //
  54.     if(usTcpName.Length == ProtocolCharacteristics->Name.Length 
  55.         && memcmp(ProtocolCharacteristics->Name.Buffer, usTcpName.Buffer, usTcpName.Length) == 0)
  56.     {
  57.         bHookedTcp = TRUE;
  58.         m_pOpenAdapterComplete = ProtocolCharacteristics->OpenAdapterCompleteHandler;
  59.         ProtocolCharacteristics->OpenAdapterCompleteHandler = MY_OpenAdapterComplete;
  60.         m_pNdisReceive = ProtocolCharacteristics->ReceiveHandler;
  61.         ProtocolCharacteristics->ReceiveHandler = MY_Receive;
  62.     }
  64.     //
  65.     // 转发给系统函数
  66.     //
  67.     m_pNdisRegisterProtocol(
  68.         Status,
  69.         NdisProtocolHandle,
  70.         ProtocolCharacteristics,
  71.         CharacteristicsLength
  72.         );
  74.     if(bHookedTcp)
  75.     {
  76.         m_TcpipHandle = *NdisProtocolHandle;
  77.         bHookedTcp = TRUE;
  78.     }
  79. }
  81. VOID NDIS_API
  82. MY_OpenAdapterComplete(
  83.     IN NDIS_HANDLE ProtocolBindingContext,
  84.     IN NDIS_STATUS Status,
  85.     IN NDIS_STATUS OpenErrorStatus
  86. )
  87. {
  88.     dprintf(("MY_OpenAdapterCompleten"));
  90.     //
  91.     // 调用MY_HookSend对SendHander进行Hook。
  92.     //
  93. if(Status == NDIS_STATUS_SUCCESS)
  94.         MY_HookSend(m_TcpipHandle, MY_SendPacket, (PVOID*)&m_pSendHandler, HOOK_SEND);
  96.     m_pOpenAdapterComplete(
  97.         ProtocolBindingContext,
  98.         Status,
  99.         OpenErrorStatus
  100.         );
  101. }
  104. NDIS_STATUS NDIS_API
  105. MY_Receive(
  106.     IN NDIS_HANDLE NdisBindingContext,
  107.     IN NDIS_HANDLE MacReceiveContext,
  108.     IN PVOID HeaderBuffer,
  109.     IN UINT HeaderBufferSize,
  110.     IN PVOID LookAheadBuffer,
  111.     IN UINT LookaheadBufferSize,
  112.     IN UINT PacketSize
  113. )
  114. {
  116. return 1;
  117. }
  119. VOID NDIS_API
  120. MY_NdisOpenAdapter(
  121. OUT PNDIS_STATUS  Status,
  122. OUT PNDIS_STATUS  OpenErrorStatus,
  123. OUT PNDIS_HANDLE  NdisBindingHandle,
  124. OUT PUINT  SelectedMediumIndex,
  125. IN PNDIS_MEDIUM  MediumArray,
  126. IN UINT  MediumArraySize,
  127. IN NDIS_HANDLE  NdisProtocolHandle,
  128. IN NDIS_HANDLE  ProtocolBindingContext,
  129. IN PNDIS_STRING  AdapterName,
  130. IN UINT  OpenOptions,
  131. IN PSTRING  AddressingInformation  OPTIONAL
  132. )
  133. {
  135. m_pNdisOpenAdapter(
  136. Status,
  137. OpenErrorStatus,
  138. NdisBindingHandle,
  139. SelectedMediumIndex,
  140. MediumArray,
  141. MediumArraySize,
  142. NdisProtocolHandle,
  143. ProtocolBindingContext,
  144. AdapterName,
  145. OpenOptions,
  146. AddressingInformation
  147. );
  150. if(*Status != STATUS_SUCCESS)
  151. return;
  153. if(NdisProtocolHandle == m_TcpipHandle)
  154. MY_HookSend(m_TcpipHandle, MY_SendPacket, (PVOID*)&m_pSendHandler, HOOK_SEND);
  155. else if(NdisProtocolHandle == m_TcpIpWanHandle)
  156. MY_HookSend(m_TcpIpWanHandle, MY_WanSendPackets, (PVOID*)&m_pWanSendPackets, HOOK_SEND_PACKETS);
  157. }
  159. VOID 
  160. MY_HookSend(
  161. IN NDIS_HANDLE ProtocolBlock, 
  162. IN PVOID HookFunction,
  163. OUT PVOID* SendHandler,
  164. IN unsigned char HookType
  165. )
  166. {
  168. if(ProtocolBlock != NULL)
  169. {
  170. PNDIS_PROTOCOL_BLOCK pProtocol = NULL;
  171. PNDIS_OPEN_BLOCK pOpenBlock = NULL;
  172. pProtocol = (PNDIS_PROTOCOL_BLOCK)ProtocolBlock;
  173. pOpenBlock = pProtocol->OpenQueue;
  175. switch(HookType)
  176. {
  177. case HOOK_SEND:
  178. if(pOpenBlock != NULL && pOpenBlock->SendHandler != NULL)
  179. {
  180. *SendHandler = pOpenBlock->SendHandler;
  181. }
  182. while(pOpenBlock != NULL)
  183. {
  184. // pOpenBlock->SendHandler =HookFun;
  185. pOpenBlock = pOpenBlock->ProtocolNextOpen;
  186. }
  187. break;
  188. case HOOK_SEND_PACKETS:
  189. if(pOpenBlock != NULL && pOpenBlock->SendPacketsHandler != NULL)
  190. {
  191. *SendHandler = pOpenBlock->SendPacketsHandler;
  192. }
  193. while(pOpenBlock != NULL)
  194. {
  195. // pOpenBlock->SendPacketsHandler =HookFun;
  196. pOpenBlock = pOpenBlock->ProtocolNextOpen;
  197. }
  198. break;
  199. }
  200. }
  201. }
  203. NDIS_STATUS NDIS_API
  204. MY_SendPacket(
  205. IN NDIS_HANDLE MacBindingHandle,
  206. IN PNDIS_PACKET Packet
  207. )
  208. {
  210. //
  211. // 检查封包的合法性
  212. //
  213. if(CheckSend(Packet) != 0)
  214. return NDIS_STATUS_SUCCESS;//不合法,返回
  216. //
  217. // 转发给系统函数
  218. //
  219. return m_pSendHandler(MacBindingHandle, Packet);
  220. }
  221. VOID NDIS_API
  222. MY_WanSendPackets(
  223. IN NDIS_HANDLE  NdisBindingHandle,
  224. IN PPNDIS_PACKET  PacketArray,
  225. IN UINT  NumberOfPackets
  226. )
  227. {
  228. UINT i;
  230. for(i = 0; i < NumberOfPackets; i++)
  231. {
  232. if(CheckPacket(PacketArray[i], TRUE) != 0)
  233. return;
  234. }
  236. m_pWanSendPackets(NdisBindingHandle, PacketArray, NumberOfPackets);
  237. }
  238. int CheckSend(
  239. IN PNDIS_PACKET packet
  240. )
  241. {
  243. return CheckPacket(packet, TRUE);
  244. }
  245. int CheckPacket(
  246. IN PNDIS_PACKET packet,
  247. IN BOOLEAN IsSend
  248. )
  249. {
  250.   PNDIS_BUFFER  FirstBuffer, Buffer;
  251. UINT TotalPacketLength;
  252. unsigned int EthernetFrameType;
  253. int HeaderLength;
  254. PIP_HEADER pIpHeader;
  255. PETHERNET_FRAME pEthernetFrame;
  256. void* pBiosBuffer;
  257. PICMP_HEADER pIcmpHeader;
  258. PTCP_HEADER pTcpHeader;
  259. PUDP_HEADER pUdpHeader;
  261. UINT PhysicalBufferCount;
  262. UINT BufferCount;
  263. PVOID VirtualAddress;
  264. int Length = 0;
  266. dprintf(("CheckSendn"));
  268. //
  269. // 得到第一个NDIS_BUFFER
  270. //
  271. TotalPacketLength = 0;
  272. NdisQueryPacket(packet
  273. , &PhysicalBufferCount
  274. , &BufferCount
  275. , &FirstBuffer
  276. , &TotalPacketLength
  277. );
  279. if(FirstBuffer == NULL)
  280. return PASS;
  282. Buffer = FirstBuffer;
  284. //
  285. // 解析Ethernet Frame
  286. //
  287. NdisQueryBufferSafe(FirstBuffer, &VirtualAddress, &Length, HighPagePriority);
  288. pEthernetFrame = (PETHERNET_FRAME)VirtualAddress;
  289. EthernetFrameType = ntohs(pEthernetFrame->FrameType);
  291. if(EthernetFrameType != ETHERNET_FRAME_TYPE_TCPIP)//不是IP协议,PASS
  292. return PASS;
  294. //
  295. // 解析Ip Header
  296. //
  297. if((Length - ETHERNET_FRAME_LENGTH) >= IP_HEADER_LENGTH)
  298. {
  299. pIpHeader = (PIP_HEADER)((char*)pEthernetFrame + ETHERNET_FRAME_LENGTH);//跳到IP头
  300. Length = Length - ETHERNET_FRAME_LENGTH;
  301. }
  302. else
  303. {
  304. NdisGetNextBuffer(FirstBuffer, &Buffer);
  306. if(Buffer == NULL)
  307. return PASS;
  309. NdisQueryBufferSafe(Buffer, &VirtualAddress, &Length, HighPagePriority);
  311. if(VirtualAddress == NULL || Length < IP_HEADER_LENGTH)
  312. return PASS;
  314. pIpHeader = (PIP_HEADER)VirtualAddress;
  315. }
  317. HeaderLength = pIpHeader->HeaderLength * HEADER_LENGTH_MULTIPLE;
  319. dprintf(("HeaderLength: %un", HeaderLength));
  321. switch(pIpHeader->Protocol)
  322. {
  323. case PROTOCOL_TCP:
  324. //
  325. // 解析Tcp Header
  326. //
  327. if((Length - HeaderLength) < TCP_HEADER_LENGTH)
  328. {
  330. NdisGetNextBuffer(Buffer, &Buffer);
  331. if(Buffer == NULL) return PASS;
  332. NdisQueryBufferSafe(Buffer, &VirtualAddress, &Length, HighPagePriority);
  333. if(VirtualAddress != NULL && Length >= TCP_HEADER_LENGTH)
  334. {
  335. pTcpHeader = (PTCP_HEADER)(VirtualAddress);
  336. }
  337. else
  338. {
  339. return PASS;
  340. }
  341. }
  342. else
  343. {
  344. pTcpHeader = (PTCP_HEADER)((unsigned long)pIpHeader + HeaderLength);
  345. }
  348. pBiosBuffer = NULL;
  349. if(Buffer != NULL)
  350. {
  351. NdisGetNextBuffer(Buffer, &Buffer);
  352. if(Buffer != NULL)
  353. {
  354. NdisQueryBufferSafe(Buffer, &VirtualAddress, &Length, HighPagePriority);
  355. if(VirtualAddress != NULL && Length >= NETBIOS_MIN_PACKET_SIZE)
  356. pBiosBuffer = (void*)VirtualAddress;
  358. }
  359. //
  360. // 调用CheckTcp对封包的合法性进行审查
  361. //
  362. return CheckTcp(pIpHeader, pTcpHeader, IsSend, TotalPacketLength, pBiosBuffer);
  364. case PROTOCOL_UDP:
  365. //
  366. // 解析UDP Header
  367. //
  368. if((Length - HeaderLength) < UDP_HEADER_LENGTH)
  369. {
  370. //
  371. // if Buffer is NULL or Invalid Address, It can bring a bug check
  372. // 0x1e.
  373. //
  374. NdisGetNextBuffer(Buffer, &Buffer);
  375. if(Buffer == NULL) return PASS;
  376. NdisQueryBufferSafe(Buffer, &VirtualAddress, &Length, HighPagePriority);
  377. if(VirtualAddress != NULL && Length >= UDP_HEADER_LENGTH)
  378. {
  379. pUdpHeader = (PUDP_HEADER)(VirtualAddress);
  380. }
  381. else
  382. {
  383. return PASS;
  384. }
  385. }
  386. else
  387. {
  388. pUdpHeader = (PUDP_HEADER)((unsigned long)pIpHeader + HeaderLength);
  389. }
  391. pBiosBuffer = NULL;
  392. if(Buffer != NULL)
  393. {
  394. NdisGetNextBuffer(Buffer, &Buffer);
  395. if(Buffer != NULL)
  396. {
  397. NdisQueryBufferSafe(Buffer, &VirtualAddress, &Length, HighPagePriority);
  398. if(VirtualAddress != NULL && Length >= NETBIOS_MIN_PACKET_SIZE)
  399. pBiosBuffer = (void*)VirtualAddress;
  400. }
  401. }
  404. //
  405. // 调用 CheckUdp 对封包的合法性进行审查
  406. //
  407. return CheckUdp(pIpHeader, pUdpHeader, IsSend, TotalPacketLength, pBiosBuffer);
  409. case PROTOCOL_ICMP:
  410. //
  411. // 解析 ICMP
  412. //
  413. if((Length - HeaderLength) < ICMP_HEADER_LENGTH)
  414. {
  416. NdisGetNextBuffer(Buffer, &Buffer);
  417. if(Buffer == NULL) return PASS;
  418. NdisQueryBufferSafe(Buffer, &VirtualAddress, &Length, HighPagePriority);
  419. if(VirtualAddress != NULL && Length >= ICMP_HEADER_LENGTH)
  420. pIcmpHeader = (PICMP_HEADER)(VirtualAddress);
  421. else
  422. return PASS;
  423. }
  424. else
  425. {
  426. pIcmpHeader = (PICMP_HEADER)((unsigned long)pIpHeader + HeaderLength);
  427. }
  429. //
  430. // 调用 CheckIcmp 对封包的合法性进行审查
  431. //
  432. return CheckIcmp(pIpHeader, pIcmpHeader, IsSend, TotalPacketLength);
  434. case PROTOCOL_IGMP:
  435. default:
  436. break;
  437. }
  439. return PASS;
  440. }
  442. int CheckRecv(
  443.     IN PVOID HeaderBuffer,
  444.     IN UINT HeaderBufferSize,
  445.     IN PVOID LookAheadBuffer,
  446.     IN UINT LookaheadBufferSize,
  447.     IN UINT PacketSize
  448. )
  449. {
  450.   WORD EthernetFrameType;
  451. WORD LengthCount;
  452. PIP_HEADER pIpHeader;
  453. PETHERNET_FRAME pEthernetFrame;
  455. if(HeaderBufferSize < ETHERNET_FRAME_LENGTH) 
  456. return PASS;
  458. // 解析Ethernet Frame
  459. //
  460. pEthernetFrame = (PETHERNET_FRAME)HeaderBuffer;
  461. EthernetFrameType = ntohs(pEthernetFrame->FrameType);
  462. if(EthernetFrameType != ETHERNET_FRAME_TYPE_TCPIP
  463. || LookaheadBufferSize < IP_HEADER_LENGTH)
  464. return PASS;
  466. // 解析Ip Header
  467. //
  468. pIpHeader = (PIP_HEADER)LookAheadBuffer;
  469. LengthCount = pIpHeader->HeaderLength * HEADER_LENGTH_MULTIPLE;
  470. if(LengthCount == 0)
  471. return PASS;
  473. switch(pIpHeader->Protocol)
  474. {
  475. case PROTOCOL_TCP:
  476. // 解析Tcp Header
  477. //
  478. if(LookaheadBufferSize < (UINT)(LengthCount + TCP_HEADER_LENGTH))
  479. return PASS;
  480. return CheckTcp(pIpHeader
  481. , (PTCP_HEADER)((char*)LookAheadBuffer + LengthCount)
  482. , FALSE
  483. , PacketSize + HeaderBufferSize
  484. , (PVOID)LookaheadBufferSize
  485. );
  487. case PROTOCOL_UDP:
  488. // 解析 Udp Header
  489. //
  490. if(LookaheadBufferSize < (UINT)(LengthCount + UDP_HEADER_LENGTH))
  491. return PASS;
  492. return CheckUdp(pIpHeader
  493. , (PUDP_HEADER)((char*)LookAheadBuffer + LengthCount)
  494. , FALSE
  495. , PacketSize + HeaderBufferSize
  496. , (PVOID)LookaheadBufferSize
  497. );
  499. case PROTOCOL_ICMP:
  500. //
  501. // 解析Icmp Header
  502. //
  503. if(LookaheadBufferSize < (UINT)(LengthCount + ICMP_HEADER_LENGTH))
  504. return PASS;
  505. return CheckIcmp(pIpHeader
  506. , (PICMP_HEADER)((char*)LookAheadBuffer + LengthCount)
  507. , FALSE
  508. , PacketSize + HeaderBufferSize
  509. );
  511. case PROTOCOL_IGMP:
  512. default:
  513. break;
  514. }
  515. return PASS;
  516. }