/*——————————————————————————————————————
file: ControlCode.c
project: PKF personal firewall 2.0
create date: 2002-01-29
Comments: ip packet filter Control Code
author: tony zhu
email: xstudio@xfilt.com or xstudio@371.net
url: http://www.xfilt.com
warning: ...
copyright (c) 2002-2003 xstudio.di All Right Reserved.
*///—————————————————————————————————————
#ifndef __FILT_H__
#define __FILT_H__
/* Pin MAX_PATH to 260 regardless of any earlier definition
 * (#undef of a name that is not defined is a no-op). */
#undef MAX_PATH
#define MAX_PATH 260

/*
 * Type-name shims.
 * With KERNEL_MODE defined, the user-mode type names used by this header are
 * supplied as macros; without it only CTIME is defined, as the CTime class.
 * BYTE and DWORD are guarded; PVOID, TCHAR, WORD, _T and SOCKET are defined
 * unconditionally.
 *
 * These are macros, not typedefs: `PVOID a, b;` expands to `void* a, b;`,
 * which makes `b` a plain void, so declare one variable per statement.
 *
 * NOTE(review): CTIME is a 32-bit integer in kernel builds and CTime in
 * user builds. Any structure that embeds CTIME has the same layout on both
 * sides only if sizeof(CTime) is 4 -- confirm for the toolchain in use.
 */
#if defined(KERNEL_MODE)
#  define CTIME unsigned __int32
#  if !defined(BYTE)
#    define BYTE unsigned char
#  endif
#  if !defined(DWORD)
#    define DWORD unsigned __int32
#  endif
#  define PVOID void*
#  define TCHAR char
#  define WORD unsigned __int16
#  define _T(x) x
#  define SOCKET DWORD
#else
#  define CTIME CTime
#endif
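/* Registry path of the product's entry below the WinSock2 service key.
 * The root key it is relative to is not named in this header. */
#define REG_INSTALL_KEY _T("SYSTEM\\CurrentControlSet\\Services\\WinSock2\\XSTUDIO_TCPIPDOG")

/* Private window messages, numbered upward from WM_USER.
 * Each expansion is parenthesised so the value survives being used inside a
 * larger expression (e.g. `2 * ACL_WM_QUERY` or `a - ACL_WM_QUERY`). */
#define ACL_WM_SUB_NOTIFY       (WM_USER + 1)
#define ACL_WM_QUERY            (WM_USER + 2)
#define MON_WM_ADD_LIST         (WM_USER + 3)
#define LOG_WM_ADD_LOG          (WM_USER + 4)
#define PAM_WM_UPDATE_DATA      (WM_USER + 5)

/* Monitor list operations; value 0 is only present as a disabled define. */
//#define MON_ADD_SPI_ONLINE 0
#define MON_ADD_DRV_ONLINE      1
#define MON_DEL_DRV_ONLINE      2
#define MON_ADD_PACKET          3

/* Flag bits; the names suggest they select AND/OR combination in an LPARAM
 * -- NOTE(review): confirm against the message handlers. */
#define ACL_WM_LPARAM_AND_MASK  0x00000100
#define ACL_WM_LPARAM_OR_MASK   0x00000200

/* Rule-category identifiers (0..6).
 * ACL_BUTTON_TORJAN keeps its original spelling because it is a public name. */
#define ACL_BUTTON_APP          0
#define ACL_BUTTON_WEB          1
#define ACL_BUTTON_NNB          2
#define ACL_BUTTON_ICMP         3
#define ACL_BUTTON_TORJAN       4
#define ACL_BUTTON_TIME         5
#define ACL_BUTTON_NET          6
#define ACL_CHANGE_APPLY        100

/* Edit-bar button identifiers (0..4). They reuse the numeric range of the
 * category identifiers above, so the two sets cannot be told apart by value.
 * The order matches the entries of BUTTON_MASK[]. */
#define ACL_BUTTON_ADD          0
#define ACL_BUTTON_EDIT         1
#define ACL_BUTTON_DEL          2
#define ACL_BUTTON_APPLY        3
#define ACL_BUTTON_CANCEL       4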
/* One bit per edit-bar button. Bits 0x02, 0x04 and 0x80 are not assigned. */
#define ACL_BUTTON_ADD_MASK         0x01    // 00000001
#define ACL_BUTTON_EDIT_MASK        0x08    // 00001000
#define ACL_BUTTON_DEL_MASK         0x10    // 00010000
#define ACL_BUTTON_APPLY_MASK       0x20    // 00100000
#define ACL_BUTTON_CANCEL_MASK      0x40    // 01000000

/* Per-button mask table; the entry order matches ACL_BUTTON_ADD (0) through
 * ACL_BUTTON_CANCEL (4), so it is presumably indexed by those identifiers.
 * Being `static` in a header, each including file gets its own copy. */
static BYTE BUTTON_MASK[] = {
    ACL_BUTTON_ADD_MASK, ACL_BUTTON_EDIT_MASK, ACL_BUTTON_DEL_MASK,
    ACL_BUTTON_APPLY_MASK, ACL_BUTTON_CANCEL_MASK
};

/* Number of entries in BUTTON_MASK; check an index against this before use. */
#define BUTTON_EX_COUNT             (sizeof(BUTTON_MASK) / sizeof(BUTTON_MASK[0]))

/* Ready-made mask combinations. */
#define ACL_BUTTON_HIDE_ALL         0x00    // 00000000
#define ACL_BUTTON_SHOW_ALL         0xFF    // 11111111
#define ACL_BUTTON_SHOW_APPLY_GROUP (ACL_BUTTON_APPLY_MASK | ACL_BUTTON_CANCEL_MASK)   // 0x60 01100000
#define ACL_BUTTON_SHOW_EDIT_GROUP  (ACL_BUTTON_EDIT_MASK | ACL_BUTTON_DEL_MASK)       // 0x18 00011000
#define ACL_BUTTON_ENABLE_ONLY_ADD  (ACL_BUTTON_ADD_MASK)                              // 0x01 00000001
#define ACL_BUTTON_UPDATE_GROUP     (ACL_BUTTON_ADD_MASK | ACL_BUTTON_EDIT_MASK | ACL_BUTTON_DEL_MASK) // 0x19 00011001
/* Rule verdicts. */
#define ACL_ACTION_PASS             0
#define ACL_ACTION_DENY             1
#define ACL_ACTION_QUERY            2

/* Traffic direction a rule applies to; 255 marks "not set". */
#define ACL_DIRECTION_IN            0
#define ACL_DIRECTION_OUT           1
#define ACL_DIRECTION_IN_OUT        2
#define ACL_DIRECTION_BROADCAST     3
#define ACL_DIRECTION_LISTEN        4
#define ACL_DIRECTION_NOT_SET       255

/* Service selector. This is an index of its own, not an IP protocol number. */
#define ACL_SERVICE_TYPE_ALL        0
#define ACL_SERVICE_TYPE_TCP        1
#define ACL_SERVICE_TYPE_UDP        2
#define ACL_SERVICE_TYPE_FTP        3
#define ACL_SERVICE_TYPE_TELNET     4
#define ACL_SERVICE_TYPE_HTTP       5
#define ACL_SERVICE_TYPE_NNTP       6
#define ACL_SERVICE_TYPE_POP3       7
#define ACL_SERVICE_TYPE_SMTP       8
#define ACL_SERVICE_TYPE_ICMP       9

/* Port number for each named service, in ascending order; 0 means any port.
 * One port per service is listed (for FTP only 21). */
#define ACL_SERVICE_PORT_ALL        0
#define ACL_SERVICE_PORT_FTP        21
#define ACL_SERVICE_PORT_TELNET     23
#define ACL_SERVICE_PORT_SMTP       25
#define ACL_SERVICE_PORT_HTTP       80
#define ACL_SERVICE_PORT_POP3       110
#define ACL_SERVICE_PORT_NNTP       119

#define MAX_MEMORY_FILE_SIZE        262144  // 256k

/* Filter results. The first three carry the same values as ACL_ACTION_*. */
#define XF_PASS                     0
#define XF_DENY                     1
#define XF_QUERY                    2
#define XF_FILTER                   3
#define XF_UNKNOWN                  4

/* Lock flag states and a wait interval.
 * NOTE(review): the unit of PV_LOCK_WAIT_TIME is not stated here -- confirm. */
#define PV_UNLOCK                   0
#define PV_LOCKED                   1
#define PV_LOCK_WAIT_TIME           100
//=============================================================================================
// Error codes: 0 is success, every failure is negative.
// Public names keep their original spelling (ALREDAY, WRITER) so existing users still compile.
#define XERR_SUCCESS                            0

// File access and record handling
#define XERR_FILE_NOT_FOUND                     (-1)
#define XERR_FILE_ALREDAY_EXISTS                (-2)
#define XERR_FILE_LOCKED                        (-3)
#define XERR_FILE_CREATE_FAILURE                (-4)
#define XERR_FILE_CAN_NOT_OPEN                  (-5)
#define XERR_FILE_INVALID_SIGNATURE             (-6)
#define XERR_FILE_READ_ERROR                    (-7)
#define XERR_FILE_SAVE_ERROR                    (-8)
#define XERR_FILE_ADD_ERROR                     (-9)
#define XERR_FILE_GET_STATUS_ERROR              (-10)
#define XERR_FILE_READ_ONLY                     (-11)
#define XERR_FILE_WRITER_HEADER_ERROR           (-12)
#define XERR_FILE_RECORD_CAN_NOT_FIND           (-13)

// Argument and format validation
#define XERR_FILE_INVALID_PARAMETER             (-20)
#define XERR_FILE_INVALID_VERSION               (-30)

// Memory, locking and handle setup
#define XERR_FILE_CREATE_MEMORY_ERROR           (-40)
#define XERR_FILE_NOT_ENOUGH_MEMORY             (-41)
#define XERR_FILE_LOCK_ERROR                    (-42)
#define XERR_FILE_SET_DLL_FILE_HANDLE_ERROR     (-43)

// Log viewer
#define XERR_LOG_NOT_MONITOR                    (-601)
#define XERR_LOG_INVALID_SESSION                (-602)
#define XERR_LOG_INVALID_LIST                   (-603)
#define XERR_LOG_NO_CAN_SHOW_RECORD             (-604)
#define XERR_LOG_READ_FILE_ERROR                (-605)
/*
 * Despite its name this table holds no error codes. Subtracting 1 from each
 * of the 54 bytes and reading the result back to front gives the ASCII text
 * "Copyright(C) Filseclab Technology, All Right Reserved." -- a lightly
 * obfuscated vendor string. The bytes carry no terminating NUL, so treat the
 * table as a fixed-length buffer (sizeof), never as a C string.
 * How, or whether, the program checks this string is not visible in this header.
 * Being `static` in a header, each including file gets its own copy.
 */
static BYTE ERROR_CODE_TABLE[] = {0x2F,0x65,0x66,0x77,0x73,0x66,0x74,0x66,0x53,0x21,0x75,0x69,0x68,0x6A,0x53,0x21,0x6D,0x6D,0x42,0x21,0x2D,0x7A,0x68,0x70,0x6D,0x70,0x6F,0x69,0x64,0x66,0x55,0x21,0x63,0x62,0x6D,0x64,0x66,0x74,0x6D,0x6A,0x47,0x21,0x2A,0x44,0x29,0x75,0x69,0x68,0x6A,0x73,0x7A,0x71,0x70,0x44};
/* Forward declarations of the ACL record types, each with a value name and a
 * pointer name. The struct bodies are not given at this point of the header. */
typedef struct _XACL        XACL;
typedef struct _XACL        *PXACL;
typedef struct _XACL_IP     XACL_IP;
typedef struct _XACL_IP     *PXACL_IP;
typedef struct _XACL_TIME   XACL_TIME;
typedef struct _XACL_TIME   *PXACL_TIME;
typedef struct _XACL_WEB    XACL_WEB;
typedef struct _XACL_WEB    *PXACL_WEB;
typedef struct _XACL_NNB    XACL_NNB;
typedef struct _XACL_NNB    *PXACL_NNB;
typedef struct _XACL_ICMP   XACL_ICMP;
typedef struct _XACL_ICMP   *PXACL_ICMP;

/* Record sizes in bytes. Each macro can only be expanded where the matching
 * struct body has been seen, because sizeof needs a complete type. */
#define ACL_ACL_LENTH       sizeof(XACL)
#define ACL_IP_LENTH        sizeof(XACL_IP)
#define ACL_TIME_LENTH      sizeof(XACL_TIME)
#define ACL_WEB_LENTH       sizeof(XACL_WEB)
#define ACL_NNB_LENTH       sizeof(XACL_NNB)
#define ACL_ICMP_LENTH      sizeof(XACL_ICMP)
/*
 * Per-application rule record: a file name plus a verdict and the
 * protocol/port/direction it applies to.
 * NOTE(review): `result` presumably holds one of the ACL_ACTION_xxx / XF_xxx
 * values and `direction` one of ACL_DIRECTION_xxx -- confirm against the users
 * of this struct.
 */
typedef struct _XACL_APP
{
// Fixed 260-byte buffer (the same number this header assigns to MAX_PATH).
// Nothing in the type guarantees NUL termination, so readers should bound
// every string operation by sizeof(szFileName).
char szFileName[260];
int result;
USHORT proto;
USHORT port;
USHORT direction;
USHORT reserved;
}XACL_APP,*PXACL_APP;
// Size in bytes of the rule_id field below.
#define RULE_ID_SIZE 32
/*
 * One packet-filter rule: verdict, protocol, direction, and a source and a
 * destination described by address, mask and port (or port range).
 *
 * NOTE(review): the first member is a union of a pointer and an int, so the
 * size and layout of this struct depend on the pointer width of the build.
 * If the same bytes are exchanged between components built for different
 * widths, the fields after the union will not line up -- confirm.
 */
typedef struct _flt_rule {
union {
// NOTE(review): this is `struct flt_rule *`, but the tag of this struct is
// `_flt_rule`. Unless a `struct flt_rule` is defined elsewhere, `next` points
// to a different, incomplete type -- confirm which tag was intended.
// NOTE(review): `next` shares storage with `chain`, which the comment below
// ties to an IOCTL. If a rule arrives from a caller through that IOCTL, the
// receiver should assign `next` itself and never follow the incoming bits --
// confirm against the handler.
struct flt_rule *next; // for internal use
int chain; // useful for IOCTL_CMD_APPENDRULE
};
int result;
USHORT proto;
USHORT direction;
// NOTE(review): byte order of the address and port fields is not stated here -- confirm.
ULONG addr_from;
ULONG mask_from;
USHORT port_from;
USHORT port2_from; /* if nonzero use port range from port_from */
ULONG addr_to;
ULONG mask_to;
USHORT port_to;
USHORT port2_to; /* if nonzero use port range from port_to */
//int log; /* see RULE_LOG_xxx */
//UCHAR sid_mask[MAX_SIDS_COUNT / 8]; /* SIDs bitmask */
// Fixed RULE_ID_SIZE-byte buffer; the type does not guarantee NUL termination,
// so bound reads and copies by RULE_ID_SIZE.
char rule_id[RULE_ID_SIZE];
}flt_rule,*p_flt_rule;
// Capacity of XACL_HEADER.pXACL_APP[].
#define MAX_PROCESS 128
// Capacity of XACL_HEADER.pTemp_Rule[].
#define MAX_TEMP 256
/*
 * Header block of the access-control data: global work modes, default
 * actions, a lock flag and reference count, a path split into components,
 * and two fixed-size rule arrays with their element counts.
 *
 * NOTE(review): nFileRulesCount and nTempRulesCount are stored next to arrays
 * of MAX_PROCESS and MAX_TEMP entries. Presumably they count the valid
 * entries; any code that loops up to these counts should first clamp them to
 * the array capacity, because the counts are ordinary writable fields --
 * confirm against the readers.
 * NOTE(review): wPv and wRefenceCount are plain WORD fields. If more than one
 * thread or component updates them, the updates need interlocked operations;
 * nothing in this header enforces that -- confirm.
 */
typedef struct _XACL_HEADER
{ ULONG dwFlag;
BYTE bSecurity;// Security level: ACL_SECURITY_HIGH/ACL_SECURITY_NORMAL/ACL_SECURITY_LOWER
BYTE bWorkMode;// Deny All/Allow All/Query All; evaluated with the highest priority
// Whether traffic is let through is decided from the bSubWorkMode sub work mode.
// Applications, Network Neighborhood and ICMP each have a sub work mode; it takes
// precedence over the control rules but ranks below bWorkMode.
BYTE bSubWorkMode;
// Default action for application-layer, NetBIOS and ICMP traffic, used when no rule
// matches: ACL_QUERY_PASS/ACL_QUERY_DENY/ACL_QUERY_QUERY
BYTE bAppQueryEx;
BYTE bNetBiosQueryEx;
BYTE bIcmpQueryEx;
WORD nRulesCount; // Number of rules in the buffer
WORD wPv;// Lock flag for rule references; set while the rules are being checked
WORD wRefenceCount;// Rule reference count, incremented or decremented by 1
// Path components in fixed wide-character buffers; the types do not guarantee
// NUL termination, so bound string operations by each array's size.
WCHAR szDrive[3];
WCHAR szDir[256];
WCHAR szFName[256];
WCHAR szExt[32];
WORD nFileRulesCount;
XACL_APP pXACL_APP[MAX_PROCESS];
ULONG nTempRulesCount;
flt_rule pTemp_Rule[MAX_TEMP];
ULONG dwNewProcess;// New-process flag: 1 means a new process was created, 0 is the default
ULONG LocalIP; // IP address of the local machine
ULONG dwOwernProcessID;// Holds the RawPacket process identifier
ULONG bRecordLog;// Flag: record log entries
ULONG bRegWrite;// Flag: write to the registry
ULONG nIndex;// Index of the registration information
} XACL_HEADER, *PXACL_HEADER;
// Size of the header block in bytes.
#define ACL_HEADER_LENTH sizeof(XACL_HEADER)
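/* Wildcards for a rule's protocol and direction.
 * DIRECTION_ANY has the same value as ACL_DIRECTION_IN_OUT (2). */
#define IPPROTO_ANY                 0
#define DIRECTION_ANY               2

// ip area initialize data
// The two bounds span the whole of 192.168.0.0/16, not a single /24: the end
// value 0xC0A8FFFF is 192.168.255.255 (192.168.0.255 would be 0xC0A800FF).
// Anything treated as "intranet" by this range covers all 65536 addresses.
// NOTE(review): the constants are written most-significant octet first;
// confirm the byte order of the addresses they are compared with.
#define ACL_INTRANET_START_IP       0xC0A80000  // 192.168.0.0
#define ACL_INTRANET_END_IP         0xC0A8FFFF  // 192.168.255.255

// time area initialize data
// START/END values are seconds since midnight (hours * 3600). Every product
// is parenthesised so the macro keeps its value inside a larger expression,
// e.g. `t % ACL_MAX_TIME` or `x / ACL_WORK_TIME_START`.
// The *_WEEK values are 8-bit day masks; 0x7C and 0x82 are disjoint and
// together give 0xFE. Which bit stands for which day is not stated here.
// 24 * 3600 is 86400, one second past 23:59:59 -- presumably an exclusive
// upper bound; confirm against the code that compares with it.
#define ACL_MAX_TIME                (24 * 3600) //23:59:59

#define ACL_ALL_TIME_WEEK           0xFE        //11111110
#define ACL_ALL_TIME_START          0           //00:00
#define ACL_ALL_TIME_END            0           //00:00

#define ACL_WORK_TIME_WEEK          0x7C        //01111100
#define ACL_WORK_TIME_START         (9 * 3600)  //09:00
#define ACL_WORK_TIME_END           (18 * 3600) //18:00

// Start is later than end here, so this window runs across midnight.
#define ACL_NONWORK_TIME_WEEK       0x7C        //01111100
#define ACL_NONWORK_TIME_START      (18 * 3600) //18:00
#define ACL_NONWORK_TIME_END        (9 * 3600)  //09:00

#define ACL_WEEK_END_TIME_WEEK      0x82        //10000010
#define ACL_WEEK_END_TIME_START     (0 * 3600)  //00:00
#define ACL_WEEK_END_TIME_END       (0 * 3600)  //00:00

#define ACL_DISTRUST_TIME_WEEK      0xFE        //11111110
#define ACL_DISTRUST_TIME_START     (1 * 3600)  //01:00
#define ACL_DISTRUST_TIME_END       (8 * 3600)  //08:00

#define ACL_TRUST_TIME_WEEK         0xFE        //11111110
#define ACL_TRUST_TIME_START        (17 * 3600) //17:00
#define ACL_TRUST_TIME_END          (23 * 3600) //23:00

#define ACL_CUSTOM_TIME_WEEK        0x7C        //01111100
#define ACL_CUSTOM_TIME_START       (12 * 3600) //12:00
#define ACL_CUSTOM_TIME_END         (13 * 3600) //13:00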
static BYTE ACL_WEEK[] = {
ACL_ALL_TIME_WEEK,
ACL_WORK_TIME_WEEK,
ACL_NONWORK_TIME_WEEK,
ACL_WEEK_END_TIME_WEEK,