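It has been a long time since I built a piece of software I actually wanted to build. I had wanted to write a firewall for a long time, but I never had the time, or perhaps I assumed it would be too hard. This weekend I was bored, so I finally got started, and it turned out to be much simpler than I expected.
What is implemented so far: packets are passed or dropped according to user-defined rules (based on IP, port, and application), and processes are monitored. This basically covers the functionality of the SkyNet Firewall (天网防火墙), plus a few ideas of my own.
It mainly relies on hooks, memory mapping, and a handful of API functions. If you are interested in any of these, feel free to discuss.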
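As an added example (not code from the original post), here is one way the pass/drop decision by IP, port, and application could be written, so that a hooked receive function only has to ask for a verdict. The rule layout, the first-match-wins order, the default action, and all names and sample addresses are assumptions made for this illustration.

```pascal
program RuleDemo;
{$APPTYPE CONSOLE}
{$IFDEF FPC}{$MODE DELPHI}{$ENDIF}

uses SysUtils;

type
  TAction = (faPass, faDrop);
  TRule = record
    RemoteIP: string;   // '' matches any address
    RemotePort: Word;   // 0 matches any port
    AppName: string;    // '' matches any executable name
    Action: TAction;
  end;

const
  // Constructed sample rule set (hypothetical values); first match wins.
  Rules: array[0..2] of TRule = (
    (RemoteIP: '203.0.113.7'; RemotePort: 0;  AppName: '';            Action: faDrop),
    (RemoteIP: '';            RemotePort: 80; AppName: 'browser.exe'; Action: faPass),
    (RemoteIP: '';            RemotePort: 80; AppName: '';            Action: faDrop));
  DefaultAction = faPass; // assumption: traffic matching no rule is allowed

// Returns the action of the first rule whose three fields all match.
function Decide(const IP: string; Port: Word; const App: string): TAction;
var
  i: Integer;
begin
  for i := Low(Rules) to High(Rules) do
    if ((Rules[i].RemoteIP = '') or (Rules[i].RemoteIP = IP)) and
       ((Rules[i].RemotePort = 0) or (Rules[i].RemotePort = Port)) and
       ((Rules[i].AppName = '') or SameText(Rules[i].AppName, App)) then
    begin
      Result := Rules[i].Action;
      Exit;
    end;
  Result := DefaultAction;
end;

procedure Show(const App, IP: string; Port: Word);
const
  Names: array[TAction] of string = ('PASS', 'DROP');
begin
  WriteLn(Format('%-12s %-15s:%-5d -> %s', [App, IP, Port, Names[Decide(IP, Port, App)]]));
end;

begin
  Show('browser.exe', '198.51.100.20', 80);  // allowed application on port 80
  Show('updater.exe', '198.51.100.20', 80);  // any other application on port 80
  Show('browser.exe', '203.0.113.7', 443);   // blocked address, any application
  Show('mail.exe', '198.51.100.20', 25);     // matches no rule, default applies
end.
```

Because the first matching rule wins, the order of the rule table is part of the policy: the per-application allow rule for port 80 must come before the catch-all drop rule for the same port.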
Here is some code that sketches the idea behind the hook:

// Replacement for WSARecv installed by the hook; it has the same
// signature and calling convention as the original function.
function NEWWSARecv(s: TSocket; lpBuffers: LPWSABUF; dwBufferCount: DWORD;
  var lpNumberOfBytesRecvd: DWORD; var lpFlags: DWORD;
  lpOverlapped: LPWSAOVERLAPPED;
  lpCompletionRoutine: LPWSAOVERLAPPED_COMPLETION_ROUTINE): Integer; stdcall;
type
  // Function type matching WSARecv, used to call the original function.
  tWSARecv = function(s: TSocket; lpBuffers: LPWSABUF; dwBufferCount: DWORD;
    var lpNumberOfBytesRecvd: DWORD; var lpFlags: DWORD;
    lpOverlapped: LPWSAOVERLAPPED;
    lpCompletionRoutine: LPWSAOVERLAPPED_COMPLETION_ROUTINE): Integer; stdcall;
var
  ip: string;
  port: integer;
  localport: Integer;
  i: integer;
  ProtId: string;