An Adventure: How to Implement a Firewall-Hook Driver?

Jesus Oliva

Rate me:

4.83/5 (65 votes)

28 Oct 20049 min read

672.1K

11K

194

Firewall-Hook driver is a completely unknown method to develop simple packet filtering applications. With this article, I want to tell you how this driver works and what you need to do to use it in your applications.

fwhookdrv_bin.zip
- FirewallApp.exe
- FwHookDrv.sys
fwhookdrv_src.zip
- Driver
  - buildchk_wxp_x86.log
  - Debug
    - FwHookDrv.sys
    - vc60.idb
  - FwHookDrv.c
  - FwHookDrv.dsp
  - FwHookDrv.dsw
  - FwHookDrv.h
  - makefile
  - NetHeaders.h
  - objchk_wxp_x86
    - _objects.mac
    - i386
      - fwhookdrv.obj
      - FwHookDrv.pdb
      - FwHookDrv.sys
  - sources
- FirewallApp.exe
- FirewallHooK
  - FirewallApp.cpp
  - FirewallApp.dsp
  - FirewallApp.dsw
  - FirewallApp.h
  - FirewallApp.rc
  - FirewallAppDoc.cpp
  - FirewallAppDoc.h
  - FirewallAppView.cpp
  - FirewallAppView.h
  - MainFrm.cpp
  - MainFrm.h
  - res
    - CVS
      - Entries
      - Entries.Extra
      - Repository
      - Root
    - FirewallApp.ico
    - FirewallApp.rc2
    - FirewallAppDoc.ico
    - newtoolbar.bmp
    - Toolbar.bmp
  - resource.h
  - RuleDlg.cpp
  - RuleDlg.h
  - rules.h
  - sockUtil.cpp
  - sockutil.h
  - StdAfx.cpp
  - StdAfx.h
  - TDriver.cpp
  - TDriver.h
- FwHookDrv.sys

/*

  FwHookDrv.H

  Author: Jes�s O.
  Last Updated : 12/09/03 
  
*/


//
// Define the various device type values.  Note that values used by Microsoft
// Corporation are in the range 0-32767, and 32768-65535 are reserved for use
// by customers.
//
// Device type
#define FILE_DEVICE_FWHOOKDRV  0x00692322


#define FWHOOKDRV_IOCTL_INDEX  0x830


// IOCTLs
#define START_IP_HOOK CTL_CODE(FILE_DEVICE_FWHOOKDRV, FWHOOKDRV_IOCTL_INDEX,METHOD_BUFFERED, FILE_ANY_ACCESS)

#define STOP_IP_HOOK CTL_CODE(FILE_DEVICE_FWHOOKDRV, FWHOOKDRV_IOCTL_INDEX+1, METHOD_BUFFERED, FILE_ANY_ACCESS)

#define ADD_FILTER CTL_CODE(FILE_DEVICE_FWHOOKDRV, FWHOOKDRV_IOCTL_INDEX+2, METHOD_BUFFERED, FILE_WRITE_ACCESS)

#define CLEAR_FILTER CTL_CODE(FILE_DEVICE_FWHOOKDRV, FWHOOKDRV_IOCTL_INDEX+3, METHOD_BUFFERED, FILE_ANY_ACCESS)



// Structure to define filter rules
typedef struct filter
{
	USHORT protocol;		// Protocol

	ULONG sourceIp;			// Source Ip
	ULONG destinationIp;	// Destination Ip

	ULONG sourceMask;		// Source Ip mask
	ULONG destinationMask;	// Destination Ip mask

	USHORT sourcePort;		// Source port
	USHORT destinationPort; // Destination port
	
	BOOLEAN drop;			// if TRUE, the packet will be dropped
}IPFilter, *PIPFilter;

By viewing downloads associated with this article you agree to the Terms of Service and the article's licence.

If a file you wish to view isn't highlighted, and is a text file (not binary), please let us know and we'll add colourisation support for it.

Written By

Jesus Oliva

Chief Technology Officer

Spain

To summarize: learn, learn, learn... and then try to remember something I.... I don't Know what i have to remember...

http://www.olivacorner.com

An Adventure: How to Implement a Firewall-Hook Driver?

Comments and Discussions