📄 filterpkt.c
switch(uCode)
{
case VDF_GET_VER: //取版本
*pVer=VDF_VER;
*pRetLen=4;
break;
case VDF_ONLINE: //上线
if(!g_bOnline)
{
g_bOnline=TRUE;
}
break;
case VDF_OFFLINE: //下线
if(g_bOnline)
{
g_bOnline=FALSE;
DeclineAllMac();
g_maccount=0;
g_onlineip=0;
memset(g_onlinemac,0,6);
}
break;
case VDF_SET_ONLINEMAC: //设置上线MAC
memcpy(g_onlinemac,pMac,6);
break;
case VDF_SET_ONLINEIP: //设置上线IP
g_onlineip=*pIp;
break;
case VDF_SET_GATEWAYMAC: //设置网关MAC
memcpy(g_gwmac,pMac,6);
break;
case VDF_SET_GATEWAYIP: //设置网关IP
g_gwip=*pIp;
break;
case VDF_GET_STOPPROGS: //取禁止的程序并创建EVENT句柄
{
int i,nCount=0;
SStopProc *pStopProcs=pOutBuf;
#ifdef _WIN32_WINNT
CreateStopProcEvent();
#else
CreateStopProcEvent(*(HANDLE*)pInBuf);
#endif
for(i=0;i<MAX_PP;i++)
{
ULONG uWhyStop=0;
if(g_ProcessPkts[i].nIpStatus==PPS_IP_STOP) uWhyStop|=SPWHY_IP;
if(g_ProcessPkts[i].nArpStatus==PPS_ARP_STOP) uWhyStop|=SPWHY_ARP;
if(g_ProcessPkts[i].nPktStatus==PPS_PKT_STOP) uWhyStop|=SPWHY_PKT;
if(uWhyStop)
{
strncpy(pStopProcs[nCount].szName,g_ProcessPkts[i].szProcess,MAX_PNAME_LEN);
pStopProcs[nCount].szName[MAX_PNAME_LEN]=0;
pStopProcs[nCount].uWhy=uWhyStop;
// DbgPrint("Get Stop Proc %s\n",pStopProcs[nCount].szProcess);
nCount++;
}
}
if(nCount<MAX_PP)
{
pStopProcs[nCount].szName[0]=0;
pStopProcs[nCount].uWhy=0;
}
*pRetLen=MAX_PP*sizeof(SStopProc);
}
break;
case VDF_GET_CURSTOPPROG: //取当前被禁程序或EVENT原因
{
SStopProc *pStopProc=(SStopProc*)pOutBuf;
memcpy(pOutBuf,&g_CurStopProc,sizeof(g_CurStopProc));
*pRetLen=sizeof(SStopProc);
memset(&g_CurStopProc,0,sizeof(g_CurStopProc));
DbgPrint("Get Stop Proc=%s why=%d\n",pStopProc->szName,pStopProc->uWhy);
}
break;
default:
break;
}
}
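////////////////////////////////////////////////////////////////////////
// The functions below are the hooked replacements. In general each one
// inspects the traffic first and then calls the saved original handler.
/////////////////////////////////////////////////////////////////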
/*
 * Hooked SendComplete handler.
 *
 * A completion that SendVDPacketComplt() claims (non-zero return) is not
 * passed on; every other completion is forwarded to the saved original
 * handler in pHookProc.
 * NOTE(review): presumably SendVDPacketComplt() recognises packets that the
 * filter itself sent -- confirm against its definition.
 */
VOID NDIS_API
XF_SendComplete(
    SHookProc *pHookProc,
    IN NDIS_HANDLE ProtocolBindingContext,
    IN PNDIS_PACKET Packet,
    IN NDIS_STATUS Status
    )
{
    if(!SendVDPacketComplt(Packet))
    {
        pHookProc->pSendComplete(ProtocolBindingContext,Packet,Status);
    }
}
/*
VOID NDIS_API
XF_WanSendComplete(
SHookProc *pHookProc,
IN NDIS_HANDLE ProtocolBindingContext,
IN PNDIS_WAN_PACKET Packet,
IN NDIS_STATUS Status
)
{
if(SendVDPacketComplt(Packet)) return;
pHookProc->pWanSendComplete(ProtocolBindingContext,Packet,Status);
}
*/
#ifdef _WIN32_WINNT
/*
 * Hooked WAN receive handler.
 *
 * Packet is treated as an Ethernet header followed by an IP header. The
 * filter runs only when PacketSize covers both headers; a shorter packet
 * bypasses FilterRecv() and is forwarded unchanged. A non-success filter
 * status is returned to the caller and the original handler is not called.
 */
NDIS_STATUS NDIS_API
XF_WanReceive(
    SHookProc *pHookProc,
    IN NDIS_HANDLE NdisLinkHandle,
    IN PUCHAR Packet,
    IN ULONG PacketSize
    )
{
    if(PacketSize>=sizeof(SEth)+sizeof(SIp))
    {
        /* The length handed to the filter excludes the Ethernet header. */
        NDIS_STATUS filterStatus=FilterRecv(NULL,(SEth*)Packet,(SIp*)(Packet+sizeof(SEth)),
            PacketSize-sizeof(SEth));
        if(filterStatus!=NDIS_STATUS_SUCCESS)
        {
            return filterStatus;
        }
    }
    return pHookProc->pWanReceive(
        NdisLinkHandle,
        Packet,
        PacketSize);
}
#endif
/*
 * Hooked Receive handler.
 *
 * Hands the header buffer (as SEth) and the lookahead buffer (as SIp) to
 * FilterRecv() together with LookaheadBufferSize. Only when the filter
 * returns NDIS_STATUS_SUCCESS is the indication forwarded to the original
 * handler; otherwise the filter's status is returned as is.
 *
 * NOTE(review): HeaderBufferSize is not compared with sizeof(SEth) before
 * HeaderBuffer is cast, and no minimum lookahead length is enforced here
 * (XF_WanReceive does check its size first). Confirm that FilterRecv()
 * validates both lengths before it reads the headers.
 */
NDIS_STATUS NDIS_API
XF_Receive(
    SHookProc *pHookProc,
    IN NDIS_HANDLE ProtocolBindingContext,
    IN NDIS_HANDLE MacReceiveContext,
    IN PVOID HeaderBuffer,
    IN UINT HeaderBufferSize,
    IN PVOID LookAheadBuffer,
    IN UINT LookaheadBufferSize,
    IN UINT PacketSize
    )
{
    SEth *pEth=(SEth*)HeaderBuffer;
    SIp *pIp=(SIp*)LookAheadBuffer;
    NDIS_STATUS filterStatus=FilterRecv(NULL,pEth,pIp,LookaheadBufferSize);

    if(filterStatus!=NDIS_STATUS_SUCCESS)
    {
        return filterStatus;
    }
    return pHookProc->pReceive(
        ProtocolBindingContext,
        MacReceiveContext,
        HeaderBuffer,
        HeaderBufferSize,
        LookAheadBuffer,
        LookaheadBufferSize,
        PacketSize
        );
}
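/*
 * Hooked ReceivePacket handler.
 *
 * Runs FilterRecv() on the packet descriptor. When the filter accepts the
 * packet, the original handler is called and its INT result is returned
 * unchanged. When the filter rejects the packet, 0 is returned.
 *
 * Why 0: the value returned from a ReceivePacket handler is read by NDIS as
 * the number of references the protocol keeps on the packet, not as an
 * NDIS_STATUS. The earlier code returned the filter's non-success status
 * here, which is non-zero, so each rejected packet would be treated as still
 * held and would wait for a return that this driver never issues.
 */
INT NDIS_API
XF_ReceivePacket(
    SHookProc *pHookProc,
    IN NDIS_HANDLE ProtocolBindingContext,
    IN PNDIS_PACKET Packet
    )
{
    if(FilterRecv(Packet,NULL,NULL,0)!=NDIS_STATUS_SUCCESS)
    {
        /* Rejected: no reference is kept on the packet. */
        return 0;
    }
    return pHookProc->pReceivePacket(ProtocolBindingContext, Packet);
}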
#ifdef _WIN32_WINNT
/*
 * Hooked SendPackets handler.
 *
 * Each packet in PacketArray is passed to FilterSend() in order. The first
 * non-zero result ends the function: the whole array, including packets
 * already examined, is withheld from the original handler. If no packet is
 * rejected, the array is forwarded unchanged.
 *
 * NOTE(review): nothing in this function completes the withheld packets back
 * to the sending protocol. Confirm that FilterSend() or another path does;
 * otherwise their descriptors stay outstanding. Also confirm that dropping
 * the entire batch because of one rejected packet is intended.
 */
VOID NDIS_API
XF_SendPackets(
    SHookProc *pHookProc,
    IN NDIS_HANDLE NdisBindingHandle,
    IN PPNDIS_PACKET PacketArray,
    IN UINT NumberOfPackets
    )
{
    UINT nChecked=0;

    while(nChecked < NumberOfPackets)
    {
        if(FilterSend(PacketArray[nChecked]))
        {
            return;
        }
        nChecked++;
    }
    pHookProc->pSendPackets(NdisBindingHandle, PacketArray, NumberOfPackets);
}
/*
 * Hooked Send handler for a single packet.
 *
 * When FilterSend() returns non-zero the packet is not handed to the
 * original handler and NDIS_STATUS_SUCCESS is returned, so the caller sees
 * the send as completed. Otherwise the original handler's status is returned.
 */
NDIS_STATUS NDIS_API
XF_SendPacket(
    SHookProc *pHookProc,
    IN NDIS_HANDLE MacBindingHandle,
    IN PNDIS_PACKET Packet
    )
{
    NDIS_STATUS sendStatus=NDIS_STATUS_SUCCESS;

    if(!FilterSend(Packet))
    {
        sendStatus=pHookProc->pSend(MacBindingHandle, Packet);
    }
    return sendStatus;
}
/*
 * Hooked WAN send handler.
 *
 * Forwards the packet straight to the original WAN send handler. No filter
 * runs on this path: the FilterSend() call is disabled in the source, so
 * outbound WAN traffic is not inspected by this function.
 */
NDIS_STATUS NDIS_API
XF_WanSendPacket(
    SHookProc *pHookProc,
    IN NDIS_HANDLE MacBindingHandle,
    IN NDIS_HANDLE LinkHandle,
    IN PVOID Packet
    )
{
    NDIS_STATUS sendStatus=pHookProc->pWanSend(MacBindingHandle,LinkHandle,Packet);

    return sendStatus;
}
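/*
 * Install the send-side hooks on an open block.
 *
 * pAdapterHandle  per-binding record that stores the saved handlers
 * nob             open block whose send handler pointers are replaced
 * pProtoHandle    protocol record; bWan selects the WAN or the normal
 *                 send handler
 *
 * The next slot index is pAdapterHandle->nIndex+1, wrapped to 0 when it
 * falls outside [0, MAX_SEND). The new index is stored and g_bHookSend is
 * set only if at least one HookProtoProc() call reports success.
 * Does nothing when any of the three pointers is NULL.
 */
void HookSend(SAdapterHandle* pAdapterHandle,PNDIS_OPEN_BLOCK nob,SProtoHandle* pProtoHandle)
{
    int nIndex;
    BOOLEAN bHookSend=FALSE;

    /* Check pAdapterHandle as well, before it is read for the index. */
    if(pAdapterHandle==NULL || nob==NULL || pProtoHandle==NULL) return;

    /* Computed as int so the +1 cannot wrap a narrow type; a negative value
       is wrapped too. Assumes the handler arrays have MAX_SEND entries. */
    nIndex=pAdapterHandle->nIndex+1;
    if(nIndex<0 || nIndex>=MAX_SEND) nIndex=0;

    if(pProtoHandle->bWan)
    {
        if(HookProtoProc(&pAdapterHandle->pWanSendHandler[nIndex],
            (void**)&nob->WanSendHandler,
            XF_WanSendPacket,pAdapterHandle)) bHookSend=TRUE;
    }
    else
    {
        if(HookProtoProc(&pAdapterHandle->pSendHandler[nIndex],
            (void**)&nob->SendHandler,
            XF_SendPacket,pAdapterHandle)) bHookSend=TRUE;
    }
    if(HookProtoProc(&pAdapterHandle->pSendPackets[nIndex],
        (void**)&nob->SendPacketsHandler,
        XF_SendPackets,pAdapterHandle)) bHookSend=TRUE;
    if(bHookSend)
    {
        g_bHookSend=bHookSend;
        pAdapterHandle->nIndex=nIndex;
    }
}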
/*
 * Re-install the send hooks for the binding identified by
 * ProtocolBindingContext. Does nothing when FindAdapterHandle() has no
 * record for that context. The value of g_bHookSend is logged before and
 * after the attempt.
 */
void RehookSend(SHookProc *pHookProc,NDIS_HANDLE ProtocolBindingContext)
{
    SAdapterHandle* pAdapterHandle=FindAdapterHandle(ProtocolBindingContext);

    if(pAdapterHandle==NULL)
    {
        return;
    }
    DbgPrint("Rehook Send Begin %d\n",g_bHookSend);
    HookSend(pAdapterHandle,pAdapterHandle->NdisBindingHandle,pHookProc->pProtoHandle);
    DbgPrint("Rehook Send End %d\n",g_bHookSend);
}
//On NT the send hooks have to be re-installed in these cases: IP address change, network reconnect
/*
 * Hooked PnPEvent handler.
 *
 * The event is forwarded to the original handler first and that handler's
 * status is what this function returns. A NetEventReconfigure event (IP
 * address change) then triggers RehookSend() for the binding.
 * NOTE(review): NetPnPEvent is dereferenced without a NULL check, and only
 * after the original handler has returned.
 */
NDIS_STATUS
XF_PnPEvent(
    SHookProc *pHookProc,
    IN NDIS_HANDLE ProtocolBindingContext,
    IN PNET_PNP_EVENT NetPnPEvent
    )
{
    NDIS_STATUS origStatus=pHookProc->pPnPEvent(ProtocolBindingContext,NetPnPEvent);

    DbgPrint("XF_PnPEvent %d\n",NetPnPEvent->NetEvent);
    if(NetEventReconfigure==NetPnPEvent->NetEvent)  /* IP address changed */
    {
        RehookSend(pHookProc,ProtocolBindingContext);
    }
    return origStatus;
}
/*
 * Hooked StatusComplete handler.
 *
 * Calls the original handler, logs the call, then re-installs the send hooks
 * for this binding through RehookSend().
 */
VOID
XF_StatusComplete(
    SHookProc *pHookProc,
    IN NDIS_HANDLE ProtocolBindingContext
    )
{
    /* The original handler runs before the hooks are touched. */
    pHookProc->pStatusComplete(ProtocolBindingContext);

    DbgPrint("XF_StatusComplete\n");

    RehookSend(pHookProc,ProtocolBindingContext);
}
/*
 * Hooked Status handler.
 *
 * Forwards the indication to the original handler, logs GeneralStatus, and
 * clears g_bHookSend when the media is reported as disconnected.
 * NDIS_STATUS_MEDIA_CONNECT needs no action here: the re-hook after a
 * reconnect is carried out by XF_StatusComplete through RehookSend().
 */
VOID
XF_Status(
    SHookProc *pHookProc,
    IN NDIS_HANDLE ProtocolBindingContext,
    IN NDIS_STATUS GeneralStatus,
    IN PVOID StatusBuffer,
    IN UINT StatusBufferSize
    )
{
    pHookProc->pStatus(ProtocolBindingContext,GeneralStatus,StatusBuffer,StatusBufferSize);
    DbgPrint("XF_Status %X\n",GeneralStatus);

    if(GeneralStatus==NDIS_STATUS_MEDIA_DISCONNECT)  /* network disconnected */
    {
        g_bHookSend=FALSE;
    }
}
#endif
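/*
 * Hooked NdisOpenAdapter.
 *
 * Allocates the per-binding record before the real open so that it exists
 * while the open is in progress, then calls the original pNdisOpenAdapter
 * with the caller's arguments unchanged. The original is always called; if
 * no record could be allocated the function returns right after it.
 *
 * When the opening protocol is the recorded TCP/IP handle and MediumArray
 * lists 802.3 or WAN, the record is registered with AddTcpIpBindHandle().
 *
 * On NDIS_STATUS_SUCCESS the binding handle is stored and, on NT, the send
 * hooks are installed at once. On NDIS_STATUS_PENDING the address of the
 * caller's handle variable is kept so that XF_OpenAdapterComplete can read
 * the handle and install the hooks. On any other status the stored address
 * is cleared: the open failed outright, no completion follows, and keeping
 * the pointer would leave a reference to caller storage that a later lookup
 * of the same record could dereference.
 */
VOID NDIS_API
XF_NdisOpenAdapter(
    OUT PNDIS_STATUS Status,
    OUT PNDIS_STATUS OpenErrorStatus,
    OUT PNDIS_HANDLE NdisBindingHandle,
    OUT PUINT SelectedMediumIndex,
    IN PNDIS_MEDIUM MediumArray,
    IN UINT MediumArraySize,
    IN NDIS_HANDLE NdisProtocolHandle,
    IN NDIS_HANDLE ProtocolBindingContext,
    IN PNDIS_STRING AdapterName,
    IN UINT OpenOptions,
    IN PSTRING AddressingInformation OPTIONAL,
    IN NDIS_OPENADAPTER pNdisOpenAdapter
    )
{
    SAdapterHandle* pAdapterHandle=AllocAdapterHandle(ProtocolBindingContext);

    pNdisOpenAdapter(Status,OpenErrorStatus,NdisBindingHandle,SelectedMediumIndex,
        MediumArray,MediumArraySize,NdisProtocolHandle,ProtocolBindingContext,
        AdapterName,OpenOptions,AddressingInformation);
    if(pAdapterHandle==NULL) return;
    DbgPrint("\n!!!!!XF_NdisOpenAdapter\n");
    if(g_TcpIpHandle==NdisProtocolHandle)
    {
        UINT i;
        for (i = 0; i < MediumArraySize; i++)
        {
            if (MediumArray[i] == NdisMedium802_3 || MediumArray[i] == NdisMediumWan)
            {
                AddTcpIpBindHandle(pAdapterHandle); /* register the TCP/IP binding */
                break;
            }
        }
    }
    if((*Status)==NDIS_STATUS_SUCCESS)
    {
        pAdapterHandle->NdisBindingHandle=*NdisBindingHandle;
#ifdef _WIN32_WINNT
        /* The open already succeeded, so hook now; otherwise the hook is
           installed in XF_OpenAdapterComplete. */
        HookSend(pAdapterHandle,*NdisBindingHandle,FindProtoHandle(NdisProtocolHandle));
#endif
    }
    else
    {
        pAdapterHandle->NdisBindingHandle=NULL;
        /* Keep the caller's handle address only while a completion is
           still expected. */
        pAdapterHandle->pNdisBindingHandle=
            ((*Status)==NDIS_STATUS_PENDING) ? NdisBindingHandle : NULL;
    }
}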
/*
 * Hooked OpenAdapterComplete handler.
 *
 * For a successful completion, looks up the binding record. If the record
 * has no binding handle yet but holds the address saved by
 * XF_NdisOpenAdapter, the handle is read through that address and, on NT,
 * the send hooks are installed. The original handler is called afterwards
 * in every case.
 * NOTE(review): the saved address points at storage owned by the opening
 * protocol; this code relies on it still being valid when the completion
 * arrives.
 */
VOID NDIS_API
XF_OpenAdapterComplete(
    SHookProc *pHookProc,
    IN NDIS_HANDLE ProtocolBindingContext,
    IN NDIS_STATUS Status,
    IN NDIS_STATUS OpenErrorStatus
    )
{
    SAdapterHandle* pAdapterHandle=NULL;

    if(Status == NDIS_STATUS_SUCCESS)
    {
        pAdapterHandle=FindAdapterHandle(ProtocolBindingContext);
    }
    if(pAdapterHandle!=NULL)
    {
        if(pAdapterHandle->NdisBindingHandle==NULL && pAdapterHandle->pNdisBindingHandle)
        {
            pAdapterHandle->NdisBindingHandle=*pAdapterHandle->pNdisBindingHandle;
#ifdef _WIN32_WINNT
            /* XF_NdisOpenAdapter did not hook this binding; do it now. */
            HookSend(pAdapterHandle,pAdapterHandle->NdisBindingHandle,pHookProc->pProtoHandle);
#endif
        }
    }
    pHookProc->pOpenAdapterComplete(
        ProtocolBindingContext,
        Status,
        OpenErrorStatus);
}