Click here to Skip to main content
Click here to Skip to main content
Search within:



 
Comments & Discussions

An Adventure: How to implement a Firewall-Hook Driver?

By , 28 Oct 2004
 
fwhookdrv_bin.zip
FirewallApp.exe
FwHookDrv.sys
fwhookdrv_src.zip
Driver
buildchk_wxp_x86.log
Debug
FwHookDrv.sys
vc60.idb
FwHookDrv.c
FwHookDrv.dsp
FwHookDrv.dsw
FwHookDrv.h
makefile
NetHeaders.h
objchk_wxp_x86
_objects.mac
i386
fwhookdrv.obj
FwHookDrv.pdb
FwHookDrv.sys
sources
FirewallApp.exe
FirewallHooK
FirewallApp.cpp
FirewallApp.dsp
FirewallApp.dsw
FirewallApp.h
FirewallApp.rc
FirewallAppDoc.cpp
FirewallAppDoc.h
FirewallAppView.cpp
FirewallAppView.h
MainFrm.cpp
MainFrm.h
res
CVS
Entries
Entries.Extra
Repository
Root
FirewallApp.ico
FirewallApp.rc2
FirewallAppDoc.ico
newtoolbar.bmp
Toolbar.bmp
resource.h
RuleDlg.cpp
RuleDlg.h
rules.h
sockUtil.cpp
sockutil.h
StdAfx.cpp
StdAfx.h
TDriver.cpp
TDriver.h
FwHookDrv.sys 
// MainFrm.cpp : implementation of the CMainFrame class
//

#include "stdafx.h"
#include "FirewallApp.h"

#include "MainFrm.h"
#include "RuleDlg.h"
#include "FirewallAppDoc.h"
#include "FirewallAppView.h"
#include "SockUtil.h"
#include "rules.h"

#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif

/////////////////////////////////////////////////////////////////////////////
// CMainFrame

IMPLEMENT_DYNCREATE(CMainFrame, CFrameWnd)

BEGIN_MESSAGE_MAP(CMainFrame, CFrameWnd)
	//{{AFX_MSG_MAP(CMainFrame)
	ON_WM_CREATE()
	ON_COMMAND(ID_BUTTONSTART, OnButtonstart)
	ON_COMMAND(ID_BUTTONADD, OnButtonadd)
	ON_COMMAND(ID_BUTTONDEL, OnButtondel)
	ON_COMMAND(ID_BUTTONDESINSTALL, OnButtondesinstall)
	ON_COMMAND(ID_BUTTONINSTALL, OnButtoninstall)
	ON_COMMAND(ID_BUTTONSTOP, OnButtonstop)
	ON_UPDATE_COMMAND_UI(ID_BUTTONSTART, OnUpdateButtonstart)
	ON_UPDATE_COMMAND_UI(ID_BUTTONSTOP, OnUpdateButtonstop)
	ON_COMMAND(IDMENU_ADDRULE, OnMenuAddrule)
	ON_COMMAND(IDMENU_DELRULE, OnMenuDelrule)
	ON_COMMAND(IDMENU_INSTALLRULES, OnMenuInstallrules)
	ON_COMMAND(IDMENU_UNINSTALLRULES, OnMenuUninstallrules)
	ON_COMMAND(ID_MENUSTART, OnMenustart)
	ON_UPDATE_COMMAND_UI(ID_MENUSTART, OnUpdateMenustart)
	ON_COMMAND(ID_MENUSTOP, OnMenustop)
	ON_UPDATE_COMMAND_UI(ID_MENUSTOP, OnUpdateMenustop)
	ON_COMMAND(ID_APP_EXIT, OnAppExit)
	ON_COMMAND(IDMENU_LOADRULES, OnLoadRules)
	ON_COMMAND(IDMENU_SAVERULES, OnSaveRules)
	//}}AFX_MSG_MAP
END_MESSAGE_MAP()

static UINT indicators[] =
{
	ID_SEPARATOR,           // status line indicator
	ID_INDICATOR_CAPS,
	ID_INDICATOR_NUM,
	ID_INDICATOR_SCRL,
};

/////////////////////////////////////////////////////////////////////////////
// CMainFrame construction/destruction

CMainFrame::CMainFrame()
{
	started = FALSE;

	// Load Filter driver
	if(filterDriver.LoadDriver("FwHookDrv", NULL, NULL, TRUE) != DRV_SUCCESS)
	{
		AfxMessageBox("Error loading filter driver.");

		exit(-1);
	}
	
}

CMainFrame::~CMainFrame()
{
	
}

int CMainFrame::OnCreate(LPCREATESTRUCT lpCreateStruct)
{
	if (CFrameWnd::OnCreate(lpCreateStruct) == -1)
		return -1;
	
	if (!m_wndToolBar.CreateEx(this, TBSTYLE_FLAT, WS_CHILD | WS_VISIBLE | CBRS_TOP
		| CBRS_GRIPPER | CBRS_TOOLTIPS | CBRS_FLYBY | CBRS_SIZE_DYNAMIC) ||
		!m_wndToolBar.LoadToolBar(IDR_MAINFRAME))
	{
		TRACE0("Failed to create toolbar\n");
		return -1;      // fail to create
	}

	if (!m_wndStatusBar.Create(this) ||
		!m_wndStatusBar.SetIndicators(indicators,
		  sizeof(indicators)/sizeof(UINT)))
	{
		TRACE0("Failed to create status bar\n");
		return -1;      // fail to create
	}

	// TODO: Delete these three lines if you don't want the toolbar to
	//  be dockable
//	m_wndToolBar.EnableDocking(CBRS_ALIGN_ANY);
//	EnableDocking(CBRS_ALIGN_ANY);
//	DockControlBar(&m_wndToolBar);

	this->SetWindowText("Firewall FWHook");



	return 0;
}

BOOL CMainFrame::PreCreateWindow(CREATESTRUCT& cs)
{
	if( !CFrameWnd::PreCreateWindow(cs) )
		return FALSE;

	cs.style &= ~ FWS_ADDTOTITLE;

	return TRUE;
}

/////////////////////////////////////////////////////////////////////////////
// CMainFrame diagnostics

#ifdef _DEBUG
void CMainFrame::AssertValid() const
{
	CFrameWnd::AssertValid();
}

void CMainFrame::Dump(CDumpContext& dc) const
{
	CFrameWnd::Dump(dc);
}

#endif //_DEBUG

/////////////////////////////////////////////////////////////////////////////
// CMainFrame message handlers


void CMainFrame::OnButtonstart() 
{
	if(filterDriver.WriteIo(START_IP_HOOK, NULL, 0) != DRV_ERROR_IO)
	{
		started = TRUE;
	}
	
}

void CMainFrame::OnButtonstop() 
{
	if(filterDriver.WriteIo(STOP_IP_HOOK, NULL, 0) != DRV_ERROR_IO)
	{
		started = FALSE;
	}
}

void CMainFrame::OnButtonadd() 
{
	CFirewallAppDoc *doc = (CFirewallAppDoc *)GetActiveDocument();
	CRuleDlg dlg;

	// Check rule limit
	if(doc->nRules < MAX_RULES )
	{
		if(dlg.DoModal() == IDOK)
		{
			// Add rule to rule list
			if(doc->AddRule(dlg.srcIp, dlg.srcMask, dlg.srcPort, dlg.dstIp, dlg.dstMask, dlg.dstPort, dlg.protocol, dlg.cAction) != 0)
				AfxMessageBox("Error adding the rule");

			else
			{
				// Update screen
				CFirewallAppView *view = (CFirewallAppView *)GetActiveView();

				view->UpdateList();
			}

		}
	}

	else
		AfxMessageBox("No more rules can't be added.");
}

void CMainFrame::OnButtondel() 
{
	CFirewallAppView *view = (CFirewallAppView *)GetActiveView();


	// Get rule position
	POSITION pos = view->m_rules.GetFirstSelectedItemPosition();
	if (pos == NULL)
	{
		AfxMessageBox("No rule is selected.");

		return;
	}

	int position;
	position = view->m_rules.GetNextSelectedItem(pos);

	CFirewallAppDoc *doc = (CFirewallAppDoc *)GetActiveDocument();
	doc->DeleteRule(position);


	// Update view.
	view->UpdateList();
	
}


void CMainFrame::OnButtoninstall() 
{
	CFirewallAppDoc *doc = (CFirewallAppDoc *)GetActiveDocument();

	unsigned int i;
	DWORD result;

	// Send rules to the driver
	for(i=0;i<doc->nRules;i++)
	{
		result = AddFilterToFw(doc->rules[i].sourceIp, 
							   doc->rules[i].sourceMask,
							   doc->rules[i].sourcePort,
							   doc->rules[i].destinationIp,
							   doc->rules[i].destinationMask,
							   doc->rules[i].destinationPort,
							   doc->rules[i].protocol, 
							   doc->rules[i].action);


		if (!result) 
			break;
	}
	
}


void CMainFrame::OnButtondesinstall() 
{
	if(filterDriver.WriteIo(CLEAR_FILTER, NULL, 0) == DRV_ERROR_IO)
	{
		AfxMessageBox("Error uninstalling rules.");
	}
	
}


void CMainFrame::OnUpdateButtonstart(CCmdUI* pCmdUI) 
{
	if(started)
		pCmdUI->Enable(FALSE);

	else
		pCmdUI->Enable(TRUE);	
}

void CMainFrame::OnUpdateButtonstop(CCmdUI* pCmdUI) 
{
	if(started)
		pCmdUI->Enable(TRUE);

	else
		pCmdUI->Enable(FALSE);
}

void CMainFrame::OnMenuAddrule() 
{
	OnButtonadd();	
}

void CMainFrame::OnMenuDelrule() 
{
	OnButtondel();	
}

void CMainFrame::OnMenuInstallrules() 
{
	OnButtoninstall();
}

void CMainFrame::OnMenuUninstallrules() 
{
	OnButtondesinstall();
	
}

void CMainFrame::OnMenustart() 
{
	OnButtonstart();
}

void CMainFrame::OnUpdateMenustart(CCmdUI* pCmdUI) 
{
	if(started)
		pCmdUI->Enable(FALSE);

	else
		pCmdUI->Enable(TRUE);	
	
}

void CMainFrame::OnMenustop() 
{
	OnButtonstop();
}

void CMainFrame::OnUpdateMenustop(CCmdUI* pCmdUI) 
{
	if(started)
		pCmdUI->Enable(TRUE);

	else
		pCmdUI->Enable(FALSE);
	
}

void CMainFrame::OnAppExit() 
{

}

BOOL CMainFrame::AddFilterToFw(unsigned long srcIp, 
							   unsigned long srcMask,
							   unsigned short srcPort, 
							   unsigned long dstIp,
							   unsigned long dstMask,
							   unsigned short dstPort,
							   unsigned int protocol,
							   int action)
{
	IPFilter pf;


	pf.protocol = protocol;

	pf.destinationIp = dstIp;			
	pf.sourceIp		 = srcIp;

	pf.destinationMask = dstMask;	
	pf.sourceMask	   = srcMask;		

	pf.destinationPort = htons(dstPort);						
	pf.sourcePort	   = htons(srcPort);				

	pf.drop = action;		
	
	// Send rule to the driver
	DWORD result = filterDriver.WriteIo(ADD_FILTER, &pf, sizeof(pf));

	if (result != DRV_SUCCESS) 
	{
		AfxMessageBox("Error adding a rule.");

		return FALSE;
	}

	else
		return TRUE;
}

void CMainFrame::OnLoadRules() 
{
	CFile file;
	CFileException e;
	DWORD nRead;

	CFirewallAppDoc *doc = (CFirewallAppDoc *)GetActiveDocument();

	CFileDialog dg(TRUE,NULL, NULL, OFN_HIDEREADONLY | OFN_CREATEPROMPT,"Rule Files(*.rul)|*.rul|all(*.*)|*.*||", NULL);
	if(dg.DoModal()==IDCANCEL)
		return;
	
	CString nf=dg.GetPathName();

	if(nf.GetLength() == 0)
	{
		AfxMessageBox("Invalid file.");

		return;
	}

	if( !file.Open(nf, CFile::modeRead, &e ) )
	{
		AfxMessageBox("Error openning the file.");

		return;
	}

	doc->ResetRules();
	RuleInfo rule;
	
    do
    {
 		nRead = file.Read(&rule, sizeof(RuleInfo));
		
		if(nRead == 0)
			break;

		if(doc->AddRule(rule.sourceIp,
				        rule.sourceMask,
						rule.sourcePort,
						rule.destinationIp,
						rule.destinationMask,
						rule.destinationPort,
						rule.protocol,				   
						rule.action)  != 0)
		{

			AfxMessageBox("Error adding the rule");

			break;
		}

    }while (1);


		
	// Update view
	CFirewallAppView *view = (CFirewallAppView *)GetActiveView();

	view->UpdateList();
}

void CMainFrame::OnSaveRules() 
{
	CFirewallAppDoc *doc = (CFirewallAppDoc *)GetActiveDocument();

	if(doc->nRules == 0)
	{
		AfxMessageBox("No rules to save.");

		return;
	}


	CFileDialog dg(FALSE, NULL, NULL, OFN_HIDEREADONLY | OFN_CREATEPROMPT,"Rule Files(*.rul)|*.rul|all(*.*)|*.*||", NULL);
	if(dg.DoModal()==IDCANCEL)
		return;
	
	CString nf=dg.GetPathName();

	if(nf.GetLength() == 0)
	{
		AfxMessageBox("Invalid file.");

		return;
	}

	CFile file;
	CFileException e;
	
	if( !file.Open( nf, CFile::modeCreate | CFile::modeWrite, &e ) )
	{
		AfxMessageBox("Error openning the file.");

		return;
	}


	unsigned int i;

	// Send rules to the driver
	for(i=0;i<doc->nRules;i++)
	{
		file.Write(&doc->rules[i], sizeof(RuleInfo));
	}
	
	file.Close();
}

By viewing downloads associated with this article you agree to the Terms of use and the article's licence.

If a file you wish to view isn't highlighted, and is a text file (not binary), please let us know and we'll add colourisation support for it.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here

About the Author

 Jesus Oliva
Chief Technology Officer
Spain Spain
Member
To summarize: learn, learn, learn... and then try to remember something I.... I don't Know what i have to remember...
 
http://www.olivacorner.com

About Article
Firewall-Hook driver is a completely unknown method to develop simple packet filtering applications. With this article, I want to tell you how this driver works and what you need to do to use it in your applications.
Type Article
Licence 
First Posted 28 Oct 2004
Views 236,480
Bookmarked 179 times
Top News

Old Japanese Man Creates Amazing Art Using Excel (Wait, Excel?)

Get the Insider News free each morning.
Related Videos
Implementing a Listener with Interface
31 Construct 2 - implementing variables rotate sprite to mouse
Developing Firewalls for Windows 2000/XP
Driver Development Part 1: Introduction to Drivers
Driver Development Part 6: Introduction to Display Drivers
Writing a Sensor Driver for the Wiimote on Windows 7
File System Filter Driver Tutorial
Detecting Windows NT/2K process execution
Driver Wizard
Entering Ring 0 using minimalistic approach
Simple WDM LoopBack Driver
ODBCTracer
CAviCap and CFrameGrabber - wrappers for AVICap Window
Building and deploying a basic WDF Kernel Mode Driver
Kernel-mode API spying - an ultimate hack
Driver Development Part 2: Introduction to Implementing IOCTLs
Access Physical Memory, Port and PCI Configuration Space
Driver Development Part 3: Introduction to driver contexts
Keystroke Monitoring
Reading and Writing to Raw Disk Sectors
Driver Development Part 4: Introduction to device stacks
Developing a WDF USB Kernel Mode Driver for the OSR USB FX2
Permalink | Advertise | Privacy | Mobile
Web01 | 2.6.130523.1 | Last Updated 28 Oct 2004
Article Copyright 2004 by Jesus Oliva
Everything else Copyright © CodeProject, 1999-2013
Terms of Use
Layout: fixed | fluid