ifh.c

简单实现网路数据的过滤

/* 
 * 作者: fracker
 * 联系：fracker@yeah.net
 * 时间：2002-9-6 16:05
 * 声明：
 *       1. 本程序为开放源代码，对源代码的使用没有任何限制，但因为使用本代码所带来
 *          的任何后果，作者不负任何责任。
 *       2. 本程序中得不完善或者错误的地方，请指出并E-mail作者。
 *       3。更多测试，更多bug.
 *       
 */
 
#include "ntddk.h"
#include "ntddndis.h"
#include "pfhook.h"
#include "ifh.h"

/*
 * Hook函数，这个函数里面，我们过滤所有的ICMP包！！
 */
PF_FORWARD_ACTION IfHookProc( unsigned char   *PacketHeader,
	                          unsigned char   *Packet,
	                          unsigned int    PacketLength,
	                          unsigned int    RecvInterfaceIndex,
	                          unsigned int    SendInterfaceIndex,
	                          IPAddr          RecvLinkNextHop,
	                          IPAddr          SendLinkNextHop
	                          ) 
{
	char * ptr;
	IPHeader * pHdr = ( IPHeader * )PacketHeader;
	ptr = &pHdr->iph_dest;
	DbgPrint( "Destination is %d.%d.%d.%d\n", *ptr, *(ptr+1), *(ptr+2), *(ptr+3) );
	if( pHdr->iph_protocol == IPPROTO_ICMP ) { /* 同样也可以拦截其他的包 */	
		DbgPrint( "ICMP packet had been dropped !\n" );			
	}
	
	return PF_PASS;
}

NTSTATUS 
SetIpFilterHook( 
	PacketFilterExtensionPtr pHookProc 
	) 
{
	UNICODE_STRING  			IfName;
	PFILE_OBJECT				pIfFileObject = NULL;
	PDEVICE_OBJECT				pIfDeviceObject = NULL;
	PF_SET_EXTENSION_HOOK_INFO 	HookInfo;
	IO_STATUS_BLOCK  			IoStatusBlock;
	KEVENT  					Event;
	NTSTATUS					Status;
	PIRP 						Irp;
	
	RtlInitUnicodeString( &IfName, DD_IPFLTRDRVR_DEVICE_NAME );
	
	if( STATUS_SUCCESS == IoGetDeviceObjectPointer( 	&IfName, 
													FILE_ALL_ACCESS, 
													&pIfFileObject, 
													&pIfDeviceObject ) ) 
	{
		if( pIfDeviceObject != NULL ) {
			HookInfo.ExtensionPointer = pHookProc;
			KeInitializeEvent( &Event, NotificationEvent, TRUE );

			Irp = IoBuildDeviceIoControlRequest( IOCTL_PF_SET_EXTENSION_POINTER, 
						pIfDeviceObject, 
						pHookProc?( ( PVOID )&HookInfo ) : NULL, 
						sizeof( PF_SET_EXTENSION_HOOK_INFO ), 
						NULL, 
						0, 
						FALSE,
						&Event,
						&IoStatusBlock );

			if( Irp ) {
				Status = IoCallDriver( pIfDeviceObject, Irp );
				if( STATUS_PENDING == Status ) 
					Status = KeWaitForSingleObject(  &Event, Executive, KernelMode, FALSE, NULL );
				return Status;
			}			
		}
	}
	
	return STATUS_UNSUCCESSFUL;
}
	
NTSTATUS 
IfhDispatch( 
	IN PDEVICE_OBJECT pDO, 
	IN PIRP Irp 
	) 
{
	Irp->IoStatus.Information = 0;	
	Irp->IoStatus.Status = STATUS_SUCCESS;	
	IoCompleteRequest( Irp, IO_NO_INCREMENT );
	
	return STATUS_SUCCESS;	
}
	
VOID 
IfhUnload( 
	PDRIVER_OBJECT DriverObject 
	) 
{

	UNICODE_STRING 		SymbolName;
	PDEVICE_OBJECT		pDeviceObject;
	PDEVICE_OBJECT		pNextObject;	

	if( DriverObject ) {
	
		SetIpFilterHook( NULL );	
		
		RtlInitUnicodeString( &SymbolName, DD_SYMBOL_NAME );
		IoDeleteSymbolicLink( &SymbolName );
		
		pDeviceObject = DriverObject->DeviceObject;
		while( pDeviceObject ) {
			pNextObject = pDeviceObject->NextDevice;
			IoDeleteDevice( pDeviceObject );
			pDeviceObject = pNextObject;
		}
	}	
}

NTSTATUS 
DriverEntry(
	PDRIVER_OBJECT		DriverObject,
	PUNICODE_STRING		RegistryPath
	)
{
	UNICODE_STRING 		DeviceName;
	UNICODE_STRING 		SymbolName;
	PDEVICE_OBJECT		pDeviceObject;
	int 				i;
	
	DbgPrint( "IpFilterHook\n" );
	
	for( i=0; i<IRP_MJ_MAXIMUM_FUNCTION; i++ ) DriverObject->MajorFunction[i] = IfhDispatch;
	DriverObject->DriverUnload = IfhUnload;

	RtlInitUnicodeString( &DeviceName, DD_DEVICE_NAME );
	IoCreateDevice( DriverObject, 
				0, 
				&DeviceName, 
				FILE_DEVICE_NULL, 
				0, 
				FALSE, 
				&pDeviceObject );	
				
	RtlInitUnicodeString( &SymbolName, DD_SYMBOL_NAME );
	IoCreateSymbolicLink( &SymbolName, &DeviceName );	
	
	if( STATUS_SUCCESS == SetIpFilterHook( IfHookProc ) ) {
		DbgPrint( "Set IpFilterDriver Hook success.\n" );
	} else {
		DbgPrint( "Set IpFilterDriver Hook failed.\n" );
	}	
	
	return STATUS_SUCCESS;
}