📄 _init.asm
;====================================================================
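;--------------------------------------------------------------------
; NTSTATUS _SetIpFilterHook(PVOID _FilterProc)
; Registers (or, when _FilterProc is NULL, unregisters) the packet
; filter callback with the IP filter driver named by
; DD_IPFLTRDRVR_NAME.
; ABI:   32-bit stdcall (MASM "proc uses" saves edi/esi/ebx)
; In:    _FilterProc = callback address, or NULL to remove the hook
; Out:   eax = status returned by IoCallDriver, or
;        STATUS_UNSUCCESSFUL when the device or the IRP could not be
;        obtained (the callers in this file ignore the value)
;--------------------------------------------------------------------
_SetIpFilterHook proc uses edi esi ebx _FilterProc:DWORD
        local   pIfDeviceObject:DWORD
        local   pIfFileObject:DWORD
        local   HookInfo:PF_SET_EXTENSION_HOOK_INFO
        local   IfName:UNICODE_STRING                   ; Unicode name of the filter device
        local   IoStatusBlock:IO_STATUS_BLOCK

        mov     pIfFileObject,0
        mov     pIfDeviceObject,0
        invoke  RtlInitUnicodeString,addr IfName,addr DD_IPFLTRDRVR_NAME
        invoke  IoGetDeviceObjectPointer,addr IfName,FILE_ALL_ACCESS,addr pIfFileObject,addr pIfDeviceObject
        .if eax == STATUS_SUCCESS && pIfDeviceObject != 0
                ; Always hand the filter driver a real input buffer. The
                ; control code is buffered I/O, so a NULL input pointer with
                ; a non-zero length leaves the IRP's system buffer
                ; uninitialised, and unregistering would then pass whatever
                ; happened to be in pool memory instead of NULL.
                mov     eax,_FilterProc
                mov     (PF_SET_EXTENSION_HOOK_INFO ptr [HookInfo]).ExtensionPointer,eax

                ; 128058h looks like IOCTL_PF_SET_EXTENSION_POINTER
                ; (FILE_DEVICE_NETWORK, function 22, METHOD_BUFFERED,
                ; FILE_WRITE_ACCESS) -- confirm against pfhook.h.
                invoke  IoBuildDeviceIoControlRequest,128058h,pIfDeviceObject,addr HookInfo,sizeof PF_SET_EXTENSION_HOOK_INFO,0,0,0,0,addr IoStatusBlock
                .if eax
                        ; NOTE(review): no event is supplied and IoStatusBlock
                        ; lives on this stack frame. If the lower driver ever
                        ; returns STATUS_PENDING, completion would write to a
                        ; dead frame; a KEVENT plus a wait would close that gap.
                        ; NOTE(review): the file object reference returned by
                        ; IoGetDeviceObjectPointer is never released
                        ; (ObDereferenceObject), so each call leaks a reference.
                        invoke  IoCallDriver,pIfDeviceObject,eax
                        ret
                .endif
        .endif
        mov     eax,STATUS_UNSUCCESSFUL                 ; callers ignore this value
        ret
_SetIpFilterHook endp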
;====================================================================
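;--------------------------------------------------------------------
; VOID _Unload(PDRIVER_OBJECT DriverObject)
; DriverUnload routine: saves the current firewall rules, removes the
; filter hook, deletes the symbolic link and every device object
; owned by the driver.
; ABI:   32-bit stdcall (MASM "proc uses" saves edi/esi/ebx)
; In:    DriverObject = this driver's DRIVER_OBJECT (may be NULL)
;--------------------------------------------------------------------
_Unload proc uses edi esi ebx DriverObject:DWORD
        local   SymbolName:UNICODE_STRING
        local   TempName:UNICODE_STRING                 ; ANSI view of the link name

        ; Stop the firewall before the image goes away and persist the rules.
        invoke  _LoadRule,1                             ; 1 = save the rule set
        ; NOTE(review): the result is ignored. If unregistering fails, the
        ; filter driver presumably keeps a callback pointer into code that
        ; is about to be unloaded -- confirm and consider logging it.
        invoke  _SetIpFilterHook,NULL

        .if DriverObject
                invoke  RtlInitAnsiString,addr TempName,offset DD_SYMBOL_NAME
                invoke  RtlAnsiStringToUnicodeString,addr SymbolName,addr TempName,TRUE
                ; Only touch SymbolName when the conversion produced it;
                ; on failure the structure is still uninitialised stack.
                .if eax == STATUS_SUCCESS
                        invoke  IoDeleteSymbolicLink,addr SymbolName
                        invoke  RtlFreeUnicodeString,addr SymbolName
                .endif

                ; Walk the driver's device list; fetch NextDevice before
                ; deleting because IoDeleteDevice invalidates the node.
                mov     edi,DriverObject
                mov     esi,(DRIVER_OBJECT ptr [edi]).DeviceObject
                .while esi
                        mov     edi,(DEVICE_OBJECT ptr [esi]).NextDevice
                        invoke  IoDeleteDevice,esi
                        mov     esi,edi
                .endw
        .endif
        ret
_Unload endp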
;====================================================================
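;--------------------------------------------------------------------
; NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObj, PUNICODE_STRING RegistryPath)
; Driver initialisation: installs the unload and dispatch routines,
; creates the control device and its symbolic link, loads the saved
; firewall rules and registers the packet filter hook.
; ABI:   32-bit stdcall (MASM "proc uses" saves edi/esi/ebx)
; In:    DriverObj, RegistryPath (RegistryPath is not used here)
; Out:   eax = STATUS_SUCCESS, or the failing NTSTATUS so the I/O
;        manager does not keep a half-initialised driver loaded
; Regs:  ebx = status to return (survives the invoke calls)
;--------------------------------------------------------------------
DriverEntry proc uses edi esi ebx DriverObj:DWORD,RegistryPath:DWORD
        local   DeviceName:UNICODE_STRING
        local   SymbolName:UNICODE_STRING
        local   pDeviceObject:PDEVICE_OBJECT
        local   TempName:UNICODE_STRING

        ;int 3
        mov     eax,DriverObj
        assume  eax:ptr DRIVER_OBJECT
        mov     [eax].DriverUnload,offset _Unload
        lea     edi,[eax].MajorFunction
        lea     eax,_Dispatch
        mov     [edi+ IRP_MJ_CREATE *4],eax             ; open
        mov     [edi+ IRP_MJ_CLOSE *4],eax              ; close
        mov     [edi+ IRP_MJ_DEVICE_CONTROL *4],eax     ; device control
        ; mov ecx,IRP_MJ_MAXIMUM_FUNCTION
        ; rep stosd
        assume  eax:nothing                             ; dispatch routines are set

        ; Build the Unicode device and link names. Each conversion is
        ; checked so cleanup never frees a string that was not allocated.
        invoke  RtlInitAnsiString,addr TempName,offset DD_DEVICE_NAME
        invoke  RtlAnsiStringToUnicodeString,addr DeviceName,addr TempName,TRUE
        mov     ebx,eax
        .if eax != STATUS_SUCCESS
                jmp     Done                            ; nothing allocated yet
        .endif
        invoke  RtlInitAnsiString,addr TempName,offset DD_SYMBOL_NAME
        invoke  RtlAnsiStringToUnicodeString,addr SymbolName,addr TempName,TRUE
        mov     ebx,eax
        .if eax != STATUS_SUCCESS
                jmp     FreeDeviceName
        .endif

        ; NOTE(review): the device is created with DeviceCharacteristics 0
        ; (no FILE_DEVICE_SECURE_OPEN) and the default security descriptor.
        ; Because _Dispatch serves IRP_MJ_DEVICE_CONTROL, confirm that only
        ; privileged callers can open the device and that _Dispatch
        ; validates every IOCTL buffer.
        invoke  IoCreateDevice,DriverObj,0,addr DeviceName,\
                FILE_DEVICE_NULL,0,NULL,addr pDeviceObject
        mov     ebx,eax
        .if eax != STATUS_SUCCESS
                jmp     Err
        .endif
        invoke  IoCreateSymbolicLink,addr SymbolName,addr DeviceName
        mov     ebx,eax
        .if eax != STATUS_SUCCESS
                ; Link creation failed: delete every device and bail out.
                mov     edi,DriverObj
                mov     esi,(DRIVER_OBJECT ptr [edi]).DeviceObject
                .while esi
                        mov     edi,(DEVICE_OBJECT ptr [esi]).NextDevice
                        invoke  IoDeleteDevice,esi
                        mov     esi,edi
                .endw
                jmp     Err
        .endif

        ; The firewall is switched on by default at load time.
        invoke  _LoadRule,0                             ; 0 = read the rule set
        ; The hook result is ignored, as in _Unload; ebx still holds
        ; STATUS_SUCCESS from IoCreateSymbolicLink.
        invoke  _SetIpFilterHook,addr IPfilterProc      ; install the filter

Err:                                                    ; common cleanup, success or failure
        invoke  RtlFreeUnicodeString,addr SymbolName
FreeDeviceName:
        invoke  RtlFreeUnicodeString,addr DeviceName
Done:
        mov     eax,ebx                                 ; report the real status
        ret
DriverEntry endp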
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>