using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Linq;
using System.Text;
using System.Windows.Forms;
namespace Sci
{
public class FireWall
{
// 示例: FireWall_Allow();
#region 添加程序到防火墙例外项中
/// <summary>
/// Adds the currently running application to the Windows Firewall exception list.
/// </summary>
/// <remarks>
/// The rule is named after the executable's file name without its extension, and the
/// work is delegated to <see cref="FireWall_Allow(string, string)"/>.
/// </remarks>
public static void FireWall_Allow()
{
    string currentExe = Application.ExecutablePath;
    FireWall_Allow(Path.GetFileNameWithoutExtension(currentExe), currentExe);
}
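/// <summary>
/// Adds an inbound allow rule for the given program to Windows Firewall, once per
/// rule-name/path pair.
/// </summary>
/// <remarks>
/// The rule is created by launching netsh.exe elevated (UAC "runas") and waiting for it
/// to finish. The command is handed to netsh.exe as arguments instead of being written to
/// a batch file in the per-user application-data folder: that folder is writable without
/// elevation, so a script stored there could be altered between being written and being
/// run as administrator. netsh.exe is addressed by its full path in the system directory
/// so that the elevated launch does not depend on the shell's search order.
/// A zero-length marker file in <c>AppDir()</c> records that the rule was already added.
/// If the elevation prompt is declined, <c>Process.Start</c> throws
/// (System.ComponentModel.Win32Exception) and no marker is written, so a later call retries.
/// NOTE(review): <c>security=authnoencap</c> appears to limit the rule to
/// IPsec-authenticated connections; verify against <c>netsh advfirewall firewall add rule ?</c>
/// that this is what is intended.
/// </remarks>
/// <param name="ruleName">Display name of the firewall rule; also used in the marker file name.</param>
/// <param name="exePath">Full path of the program the rule applies to.</param>
/// <exception cref="ArgumentException">
/// A value is empty, contains a double quote or control character, ends with a backslash,
/// or <paramref name="ruleName"/> cannot be used as a file name.
/// </exception>
public static void FireWall_Allow(string ruleName, string exePath)
{
    string arguments = BuildNetshArguments(ruleName, exePath);
    string marker = MarkerPath(ruleName, exePath);

    // Only an empty marker counts as "already added". A non-empty file is a script left
    // behind by an earlier attempt that never completed (for example a declined UAC
    // prompt), so the rule is attempted again and the file is overwritten on success.
    FileInfo markerInfo = new FileInfo(marker);
    if (markerInfo.Exists && markerInfo.Length == 0)
    {
        return;
    }

    int exitCode;
    using (Process process = new Process())
    {
        process.StartInfo.Verb = "runas"; // run as administrator
        process.StartInfo.FileName = Path.Combine(Environment.SystemDirectory, "netsh.exe");
        process.StartInfo.Arguments = arguments;
        process.StartInfo.WindowStyle = ProcessWindowStyle.Hidden;
        process.StartInfo.UseShellExecute = true; // required for the "runas" verb
        process.Start();
        process.WaitForExit();
        exitCode = process.ExitCode;
    }

    // Record success only; a failed netsh run stays best-effort and is retried next time.
    if (exitCode == 0)
    {
        File.WriteAllText(marker, "");
    }
}

// Firewall rule reference (add / delete):
//netsh advfirewall firewall add rule name = "QQ" dir=in program="C:\Program Files (x86)\QQ.exe" security=authnoencap action = allow
//netsh advfirewall firewall delete rule name = "QQ"

/// <summary>
/// Builds the netsh argument string that adds the inbound allow rule.
/// </summary>
/// <param name="ruleName">Rule name, placed inside double quotes.</param>
/// <param name="exePath">Program path, placed inside double quotes.</param>
/// <returns>The arguments to pass to netsh.exe.</returns>
private static string BuildNetshArguments(string ruleName, string exePath)
{
    RejectUnsafeValue(ruleName, nameof(ruleName));
    RejectUnsafeValue(exePath, nameof(exePath));
    return $"advfirewall firewall add rule name=\"{ruleName}\" dir=in program=\"{exePath}\" security=authnoencap action=allow";
}

/// <summary>
/// Rejects values that could break out of the double-quoted netsh argument they are placed in.
/// </summary>
private static void RejectUnsafeValue(string value, string parameterName)
{
    if (string.IsNullOrWhiteSpace(value))
    {
        throw new ArgumentException("Value must not be empty.", parameterName);
    }

    // A trailing backslash would escape the closing quote when the command line is parsed.
    if (value.EndsWith("\\"))
    {
        throw new ArgumentException("Value must not end with a backslash.", parameterName);
    }

    foreach (char c in value)
    {
        if (c == '"' || char.IsControl(c))
        {
            throw new ArgumentException("Value must not contain double quotes or control characters.", parameterName);
        }
    }
}

/// <summary>
/// Returns the path of the marker file that records that a rule was already added.
/// </summary>
/// <remarks>
/// The file name (including the ".bat" extension and string.GetHashCode()) is kept so that
/// markers written by earlier versions are still recognised.
/// NOTE(review): string.GetHashCode() is not guaranteed to be stable across runtimes; where
/// string hashing is randomized per process the marker never matches and the rule is added
/// again on every run. Consider a stable digest of the path.
/// </remarks>
private static string MarkerPath(string ruleName, string exePath)
{
    // The rule name becomes part of a file name, so separators and ".." tricks are refused.
    if (ruleName.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0)
    {
        throw new ArgumentException("Rule name must be usable as a file name.", nameof(ruleName));
    }

    return AppDir() + $"rule-{ruleName}-{exePath.GetHashCode()}.bat";
}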
/// <summary>
/// Returns the "firewall_allow" folder under the user's application-data directory,
/// creating it when it does not exist yet.
/// </summary>
/// <returns>The folder path, always ending with a backslash.</returns>
private static string AppDir()
{
    string appData = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);
    string separator = appData.EndsWith("\\") ? string.Empty : "\\";
    string folder = appData + separator + "firewall_allow\\";

    // CreateDirectory does nothing when the folder is already there.
    Directory.CreateDirectory(folder);
    return folder;
}
#endregion
#region 相关测试逻辑
// Firewall rule reference (add / delete):
//netsh advfirewall firewall add rule name = "QQ程序" dir=in program="C:\Program Files (x86)\T\QQ.exe" security=authnoencap action = allow
//netsh advfirewall firewall delete rule name = "QQ程序"

/// <summary>
/// Test helper: writes a batch file holding a hard-coded sample "add rule" command.
/// </summary>
/// <returns>The relative file name "rule1.bat", resolved against the current directory.</returns>
private static string Bat()
{
    const string ScriptFile = "rule1.bat";
    const string Command = "netsh advfirewall firewall add rule name=\"QQ程序\" dir=in program=\"D:\\sc\\git\\T\\QQ.exe\" security=authnoencap action=allow";

    File.WriteAllText(ScriptFile, Command, Encoding.Default);
    return ScriptFile;
}
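/// <summary>
/// Test scaffold: adds a hard-coded sample firewall rule by running netsh through an
/// elevated cmd.exe. Two earlier approaches are kept below as commented-out reference.
/// </summary>
/// <remarks>
/// cmd.exe is addressed by its full path in the system directory: with
/// <c>UseShellExecute</c> a bare "cmd.exe" is resolved through the shell's search order,
/// which should not decide what gets launched with administrator rights.
/// The method does not wait for the command to finish.
/// </remarks>
private static void test()
{
    // 1. Run through System.Diagnostics.Process.Start
    //System.Diagnostics.ProcessStartInfo startInfo = new System.Diagnostics.ProcessStartInfo();
    //startInfo.FileName = Bat();
    //startInfo.UseShellExecute = true;
    //startInfo.Verb = "runas"; // start verb that requests running as administrator
    //System.Diagnostics.Process.Start(startInfo);
    //File.Delete(startInfo.FileName);
    // 2. Run through a Process instance
    //Process process = new Process();
    //process.StartInfo.Verb = "runas";
    //process.StartInfo.FileName = Bat();
    //process.StartInfo.UseShellExecute = true;
    //process.Start();
    //File.Delete(process.StartInfo.FileName);
    // 3. Run the command through cmd.exe
    ProcessStartInfo startInfo = new ProcessStartInfo
    {
        UseShellExecute = true,
        FileName = Path.Combine(Environment.SystemDirectory, "cmd.exe"),
        Arguments = "/c " + "netsh advfirewall firewall add rule name=\"QQ程序\" dir=in program=\"D:\\sc\\git\\T\\QQ.exe\" security=authnoencap action=allow",
        //RedirectStandardInput = true,
        //RedirectStandardOutput = true,
        //RedirectStandardError = true,
        Verb = "RunAs"
    };

    // Disposing releases the process handle; it does not stop the launched command.
    using (Process process = new Process())
    {
        process.StartInfo = startInfo;
        process.Start();
        //process.StandardInput.WriteLine("bcdedit");
        //process.StandardInput.WriteLine("exit");
        //string strRst = process.StandardOutput.ReadToEnd();
        //process.WaitForExit();
    }
}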
#endregion
#region 其它(C++无用)
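// 如何以 TrustedInstaller 用户权限修改注册表
// 通过代码将当前权限提升到 TrustedInstaller 很麻烦,但是可以通过启用备份/还原特权(SeBackupPrivilege / SeRestorePrivilege)来绕过 DACL 的检查机制。
// 注意:AdjustTokenPrivileges 只能启用进程令牌中已经拥有的特权,不能新增特权;因此下面的代码只有在令牌本身已持有这两项特权的进程中(通常是已提升权限的管理员进程)才会生效,并不是从普通用户权限的提权。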
//#pragma comment(lib,"advapi32")
//# include <stdio.h>
//# include <string.h>
//# include <windows.h>
//bool EnablePriviledge(LPCTSTR lpSystemName)
//{
// HANDLE hToken;
// TOKEN_PRIVILEGES tkp = { 1 };
// if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
// {
// if (LookupPrivilegeValue(NULL, lpSystemName, &tkp.Privileges[0].Luid))
// {
// tkp.PrivilegeCount = 1;
// tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
// AdjustTokenPrivileges(hToken, FALSE, &tkp, 0, (PTOKEN_PRIVILEGES)NULL, 0);
// if (GetLastError() != ERROR_SUCCESS)
// {
// CloseHandle(hToken);
// return false;
// }
// }
// CloseHandle(hToken);
// }
// return true;
//}
//int main()
//{
// bool bRet;
// LONG lResult;
// bRet = EnablePriviledge(SE_BACKUP_NAME);//这个函数是重点,让当前进程具备备份/还原的特权。
// if (bRet)
// {
// bRet = EnablePriviledge(SE_RESTORE_NAME);
// if (bRet)
// {
// HKEY hResult = NULL;
// DWORD dwDisposition;
// lResult = RegCreateKeyExW(HKEY_LOCAL_MACHINE,
// L"SOFTWARE\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\shell\\NoAddOns",
// 0,
// NULL,
// REG_OPTION_BACKUP_RESTORE,//这个是重点,传入这个参数可以直接忽视KEY_ALL_ACCESS这个参数的作用,直接以备份/还原的特权去操作注册表
// KEY_ALL_ACCESS,
// NULL,
// &hResult,
// &dwDisposition);
// if (lResult != ERROR_SUCCESS)
// {
// return 3;
// }
// wchar_t cValue[256] = L"";
// lResult = RegSetValueExW(hResult, L"LegacyDisable", NULL, REG_SZ, (LPBYTE)cValue, (wcslen(cValue) + 1) * sizeof(wchar_t));
// if (lResult != ERROR_SUCCESS)
// {
// return 4;
// }
// RegCloseKey(hResult);
// printf("OK.\n");
// return 0;
// }
// else return 2;
// }
// else return 1;
//}
#endregion
}
}
添加程序到防火墙例外项中(Windows防火墙信任项)
于 2023-10-26 17:33:09 首次发布