在 Windows 中制作一个拦截网络流量的程序
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/5682875/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Making a program that intercepts network traffic in Windows
提问by cost
Sort of what I'm asking is "how to make a software firewall for Windows," but something not so complex. I'm surprised I can find so little when searching for this, only the occasional mention of hooks. So it'd be much appreciated if someone could point me in the right direction.
我想问的是“如何为 Windows 制作软件防火墙”,但并不是那么复杂。我很惊讶在搜索这个时我能找到的很少,只是偶尔提到钩子。因此,如果有人能指出我正确的方向,我将不胜感激。
I expect to do this with C (though if there's another language you think would work better, I'm all ears). I want to make an application that watches network traffic, can extract the IP address (source for incoming, destination for outgoing), and can block said network activity.
我希望用 C 来做这件事(尽管如果有另一种你认为更好的语言,我全神贯注)。我想制作一个监视网络流量的应用程序,可以提取 IP 地址(传入的源,传出的目标),并且可以阻止所述网络活动。
This seems like something that would be much easier to do in the kernel, but I don't want to be mucking around in there, nor do I even have access to do that in Windows anyway. I'm not worried about efficiency, nor am I looking to make a personal firewall. This is just for an experiment regarding IP addresses.
这似乎在内核中更容易做到,但我不想在那里乱搞,无论如何我什至无法在 Windows 中做到这一点。我不担心效率,也不打算制作个人防火墙。这仅用于有关 IP 地址的实验。
Any pointers?
任何指针?
Note: It's important that I be able to block network certain network activity too, not just monitor it
注意:重要的是我也能够阻止网络某些网络活动,而不仅仅是监视它
采纳答案by Matteo Italia
The DIY way would be going in kernel mode, using filter-hook drivers(for Windows 2000-XP) or WFP Callout Drivers.
DIY 方式将进入内核模式,使用过滤器挂钩驱动程序(适用于 Windows 2000-XP)或WFP 标注驱动程序。
If you want to let others do the dirty work in kernel-mode, the WinPcapdriver/library sports lots of low-level network features, including the ones you need, that you can use from user-mode (notice that using WinPcap you can't drop packets).
如果你想让其他人在内核模式下做肮脏的工作,WinPcap驱动程序/库提供了许多低级网络功能,包括你需要的,你可以在用户模式下使用(注意,使用 WinPcap 你可以'不丢包)。
回答by Jerry Coffin
It sounds like what you're looking for is a Winsock Service Provider Interface(SPI) Layered Service Provider(LSP). From what you've said, if you're dealing with Vista or newer, you probably want to implement an instance of the LSP_INSPECTOR class. For older versions of Windows, that class doesn't apply exactly, but the same general idea does. On Vista/7, you set the category (class) for your application with WSCSetApplicationCategory. To install your provider, you fill out a WSAPROTOCOL_INFOstructure, then register it by calling WSCInstallProvider.
听起来您正在寻找的是 Winsock服务提供者接口(SPI)分层服务提供者(LSP)。根据您所说的,如果您使用的是 Vista 或更新版本,您可能想要实现 LSP_INSPECTOR 类的实例。对于旧版本的 Windows,该类并不完全适用,但相同的总体思路适用。在 Vista/7 上,您可以使用WSCSetApplicationCategory. 要安装您的提供程序,您需要填写一个WSAPROTOCOL_INFO结构,然后通过调用注册它WSCInstallProvider。
回答by Doug T.
You want to look at libpcap and tcpdump.
您想查看libpcap 和 tcpdump。
回答by Dhaivat Pandya
I think what you are looking for is a packet sniffer, it will intercept almost all communications over a network. If you want to use a library, check out WinPCap, which was meant for exactly this purpose.
我认为您正在寻找的是数据包嗅探器,它会拦截几乎所有网络通信。如果您想使用库,请查看WinPCap,它正是为此目的而设计的。
Also, if you think that you just want something pre-written and just want to modify it, check out Wireshark. Although, reading code is often more difficult than writing it.
此外,如果您认为您只想要预先编写的内容并且只想修改它,请查看Wireshark。尽管如此,阅读代码通常比编写代码更难。
