Windows Firewall Programming

Submitted by ε祈祈猫儿з on 2019-12-22 06:47:47

Question


I googled many times till I created this question, so please excuse me if there are some tutorials out there. I didn't find them. How can I code a firewall application in Windows? I thought about a usermode firewall using inline hooks in every process, but there is the problem that I can't hook csrss.exe (which creates the new processes) in Windows 7. The second thing is that it's not very clean and will be detected as malware for sure. So I think that I should hook the APIs in kernel mode as a driver. But there are 3 problems.

  • First I don't know the kernel APIs for the Windows sockets.
  • Second I haven't got any experience in kernel mode hooks.
  • Third I don't know if it's the right way.

Don't worry, I know that it's not easy and I'm not a beginner with just an idea ;). If anyone has got good information please share it. Oh and I want to write for x86 systems ;).


Answer 1:


You need Windows Filtering Platform (WFP).

With the WFP API, developers can implement firewalls, intrusion detection systems, antivirus programs, network monitoring tools, and parental controls. WFP integrates with and provides support for firewall features such as authenticated communication and dynamic firewall configuration based on applications' use of sockets API (application-based policy). WFP also provides infrastructure for IPsec policy management, change notifications, network diagnostics, and stateful filtering.



Source: https://stackoverflow.com/questions/6112835/windows-firewall-programming
