Windows防火墻設(shè)計(jì)實(shí)驗(yàn)報(bào)告

PAGEPAGE1NUMPAGES14網(wǎng)絡(luò)安全大型作業(yè)（Windows防火墻設(shè)計(jì)）實(shí)驗(yàn)報(bào)告班級(jí)：08計(jì)算機(jī)網(wǎng)絡(luò)姓名：學(xué)號(hào)：V2008410日期:2011-3-3

一、實(shí)驗(yàn)?zāi)康暮鸵?、學(xué)習(xí)Windows下防火墻設(shè)計(jì)技術(shù)2、實(shí)現(xiàn)一個(gè)簡單的Windows下的防火墻軟件3、分析simpleFW軟件不足之處4、根據(jù)要求理解兩個(gè)SPI程序，并自己進(jìn)行擴(kuò)展，增加新的功能二、實(shí)驗(yàn)原理1.Windows的Hook技術(shù)：Hook分為Hook消息和Hook函數(shù)調(diào)用Hook函數(shù)調(diào)用是指截獲特定進(jìn)程或者系統(tǒng)對(duì)某個(gè)API函數(shù)的調(diào)用，使得API的執(zhí)行流程轉(zhuǎn)向特定的代碼，后者稱為注入代碼，注入代碼一般保存在注入DLL中。2.Windows報(bào)文截獲技術(shù)：原始套結(jié)字(RawSocket)和替換系統(tǒng)自帶的WINSOCK動(dòng)態(tài)連接庫3.WindowsSPI原理：Winsock2.0引入的一個(gè)功能就是允許開發(fā)者可以編寫自己的服務(wù)提供者接口程序，即SPI程序。SPI以DLL方式存在，工作在應(yīng)用層，為上層程序提供結(jié)構(gòu)函數(shù)。4.SimpleFW基本技術(shù)：Windows程序設(shè)計(jì)中幾乎所有的動(dòng)作都是利用消息來觸發(fā)。但是消息是和窗口綁定在一起的，一般擁有窗口才能接收消息。在特殊情況下，線程也可以接收消息在SimpleFW中，當(dāng)一個(gè)程序訪問Winsock會(huì)彈出對(duì)話框，讓用戶選擇是否允許訪問。這個(gè)過程通過IP_Moniter.dll發(fā)送給UI一個(gè)用戶自定義消息來實(shí)現(xiàn)。三、實(shí)驗(yàn)環(huán)境和采用的工具1、操作系統(tǒng)為WindowsXP2、編程工具為VC++6.0四、簡要分析實(shí)驗(yàn)原型軟件（SimpleFW）的不足1．原型軟件不能記錄訪問規(guī)則，每次打開防火墻都需要用戶重新設(shè)定，這樣帶來了很大的不便2．原型軟件不能靈活的對(duì)訪問規(guī)則進(jìn)行修改刪除，這樣一旦制定下來的規(guī)則都不能發(fā)生變化3．原型軟件沒有自定義規(guī)則的功能，這樣對(duì)于每一個(gè)應(yīng)用程序第一次訪問網(wǎng)絡(luò)都需要進(jìn)行詢問，這樣對(duì)用戶使用來說比較不方便4．原型軟件沒有基本的日志功能5．原型軟件不能對(duì)應(yīng)用程序進(jìn)行監(jiān)控甚至是進(jìn)行關(guān)鍵字匹配告警，只能進(jìn)行簡單的訪問控制6．原型軟件只是簡單的串行化，不能同時(shí)有多個(gè)應(yīng)用程序訪問7．原型軟件外觀比較簡陋，需要進(jìn)一步修飾8、原型軟件沒有流量監(jiān)控功能，用戶不知流量使用情況9、原型軟件缺少清理無用規(guī)則的功能10、原型軟件缺少修補(bǔ)系統(tǒng)漏洞的功能五、在實(shí)驗(yàn)原型軟件上新增的功能5.1功能1流量監(jiān)控5.1.1該功能可以實(shí)時(shí)監(jiān)控用戶當(dāng)前使用的流量以及到目前為止用戶設(shè)置時(shí)間內(nèi)所使用的總流量5.1.#include"stdafx.h"#include"MFNetTraffic.h"#include"float.h"#ifdef_DEBUG#undefTHIS_FILEstaticcharTHIS_FILE[]=__FILE__;#definenewDEBUG_NEW#endif#include"winperf.h"http://Construction/DestructionMFNetTraffic::MFNetTraffic(){ lasttraffic=0.0; CurrentInterface=-1; CurrentTrafficType=AllTraffic; GetInterfaces();}MFNetTraffic::~MFNetTraffic(){ }PERF_OBJECT_TYPE*FirstObject(PERF_DATA_BLOCK*dataBlock){return(PERF_OBJECT_TYPE*)((BYTE*)dataBlock+dataBlock->HeaderLength);}PERF_OBJECT_TYPE*NextObject(PERF_OBJECT_TYPE*act){return(PERF_OBJECT_TYPE*)((BYTE*)act+act->TotalByteLength);}PERF_COUNTER_DEFINITION*FirstCounter(PERF_OBJECT_TYPE*perfObject){return(PERF_COUNTER_DEFINITION*)((BYTE*)perfObject+perfObject->HeaderLength);}PERF_COUNTER_DEFINITION*NextCounter(PERF_COUNTER_DEFINITION*perfCounter){return(PERF_COUNTER_DEFINITION*)((BYTE*)perfCounter+perfCounter->ByteLength);}PERF_COUNTER_BLOCK*GetCounterBlock(PERF_INSTANCE_DEFINITION*pInstance){return(PERF_COUNTER_BLOCK*)((BYTE*)pInstance+pInstance->ByteLength);}PERF_INSTANCE_DEFINITION*FirstInstance(PERF_OBJECT_TYPE*pObject){return(PERF_INSTANCE_DEFINITION*)((BYTE*)pObject+pObject->DefinitionLength);}PERF_INSTANCE_DEFINITION*NextInstance(PERF_INSTANCE_DEFINITION*pInstance){PERF_COUNTER_BLOCK*pCtrBlk=GetCounterBlock(pInstance);return(PERF_INSTANCE_DEFINITION*)((BYTE*)pInstance+pInstance->ByteLength+pCtrBlk->ByteLength);}char*WideToMulti(wchar_t*source,char*dest,intsize){WideCharToMultiByte(CP_ACP,0,source,-1,dest,size,0,0);returndest;}/*WindowNT/2000:WhencallingtheRegQueryValueExfunctionwithhKeysettotheHKEY_PERFORMANCE_DATAhandleandavaluestringofaspecifiedobject,thereturneddatastructuresometimeshasunrequestedobjects.Don'tbesurprised;thisisnormalbehavior.WhencallingtheRegQueryValueExfunction,youshouldalwaysexpecttowalkthereturneddatastructuretolookfortherequestedobject.*///得到接口號(hào)為interfaceNumber的接口流量doubleMFNetTraffic::GetTraffic(intinterfaceNumber){ try {#defineDEFAULT_BUFFER_SIZE40960L POSITIONpos; CStringInterfaceName; pos=Interfaces.FindIndex(interfaceNumber); if(pos==NULL) return0.0; //得到當(dāng)前的接口名字 InterfaceName=Interfaces.GetAt(pos); //為性能數(shù)據(jù)緩沖 unsignedchar*data=newunsignedchar[DEFAULT_BUFFER_SIZE]; //從RegQueryValueEx返回的值:本例中忽略改變量 DWORDtype; //緩沖的尺寸 DWORDsize=DEFAULT_BUFFER_SIZE; //RegQueryValueEx返回的值 DWORDret; //從網(wǎng)絡(luò)對(duì)象(索引是510)查詢性能數(shù)據(jù) /* HKEY_PERFORMANCE_DATA: WindowsNT/2000/XP:Registryentriessubordinatetothiskeyallowyouto accessperformancedata.Thedataisnotactuallystoredintheregistry; theregistryfunctionscausethesystemtocollectthedatafromitssource. */ /* */ while((ret=RegQueryValueEx( HKEY_PERFORMANCE_DATA,"510",NULL,&type,data,&size))!=ERROR_SUCCESS) { if(ret==ERROR_MORE_DATA) { //緩沖尺寸太小，增加內(nèi)存分配 size+=DEFAULT_BUFFER_SIZE; delete[]data; data=newunsignedchar[size]; } else { //未定義的錯(cuò)誤 return1; } } //性能數(shù)據(jù)塊 PERF_DATA_BLOCK*dataBlockPtr=(PERF_DATA_BLOCK*)data; //枚舉鏈表中第一個(gè)對(duì)象 PERF_OBJECT_TYPE*objectPtr=FirstObject(dataBlockPtr); //遍歷鏈表 for(inta=0;a<(int)dataBlockPtr->NumObjectTypes;a++) { charnameBuffer[255]; //判斷是否是網(wǎng)絡(luò)對(duì)象索引號(hào)是510 if(objectPtr->ObjectNameTitleIndex==510) { //偏移變量 DWORDprocessIdOffset=ULONG_MAX; //找到第一個(gè)計(jì)數(shù)器 PERF_COUNTER_DEFINITION*counterPtr=FirstCounter(objectPtr); //遍歷鏈表 for(intb=0;b<(int)objectPtr->NumCounters;b++) { //判斷接收的數(shù)據(jù)類型是否是我們需要的 if((int)counterPtr->CounterNameTitleIndex==CurrentTrafficType) processIdOffset=counterPtr->CounterOffset; //下一個(gè)計(jì)數(shù)器 counterPtr=NextCounter(counterPtr); } //數(shù)據(jù)類型不是我們需要的 if(processIdOffset==ULONG_MAX){ delete[]data; return1; } //找到第一個(gè)實(shí)列(instance) PERF_INSTANCE_DEFINITION*instancePtr=FirstInstance(objectPtr); DWORDfullTraffic; DWORDtraffic; //遍歷整個(gè)實(shí)列 for(b=0;b<objectPtr->NumInstances;b++) { wchar_t*namePtr=(wchar_t*)((BYTE*)instancePtr+instancePtr->NameOffset); //得到這個(gè)實(shí)列的PERF_COUNTER_BLOCK PERF_COUNTER_BLOCK*counterBlockPtr=GetCounterBlock(instancePtr); //現(xiàn)在我們得到了接口的名字 char*pName=WideToMulti(namePtr,nameBuffer,sizeof(nameBuffer)); CStringiName; iName.Format("%s",pName); POSITIONpos=TotalTraffics.FindIndex(b); if(pos!=NULL) { fullTraffic=*((DWORD*)((BYTE*)counterBlockPtr+processIdOffset)); TotalTraffics.SetAt(pos,fullTraffic); } //如果當(dāng)前的接口就是我們選擇的接口 if(InterfaceName==iName) { traffic=*((DWORD*)((BYTE*)counterBlockPtr+processIdOffset)); doubleacttraffic=(double)traffic; doubletrafficdelta; //判斷處理的接口是否是新的 if(CurrentInterface!=interfaceNumber) { lasttraffic=acttraffic; trafficdelta=0.0; CurrentInterface=interfaceNumber; } else { trafficdelta=acttraffic-lasttraffic; lasttraffic=acttraffic; } delete[]data; return(trafficdelta); } //下一個(gè)實(shí)列 instancePtr=NextInstance(instancePtr); } } //下一個(gè)對(duì)象 objectPtr=NextObject(objectPtr); } delete[]data; return0; } catch(...) { return0; }}//枚舉安裝的接口BOOLMFNetTraffic::GetInterfaces(){ try {#defineDEFAULT_BUFFER_SIZE40960L Interfaces.RemoveAll(); unsignedchar*data=(unsignedchar*)malloc(DEFAULT_BUFFER_SIZE); DWORDtype; DWORDsize=DEFAULT_BUFFER_SIZE; DWORDret; chars_key[4096]; sprintf(s_key,"%d",510); //RegQueryValueEx的固定調(diào)用格式 while((ret=RegQueryValueEx(HKEY_PERFORMANCE_DATA,s_key,0,&type,data,&size))!=ERROR_SUCCESS){ while(ret==ERROR_MORE_DATA) { size+=DEFAULT_BUFFER_SIZE; data=(unsignedchar*)realloc(data,size); } if(ret!=ERROR_SUCCESS) { returnFALSE; } } //得到數(shù)據(jù)塊 PERF_DATA_BLOCK *dataBlockPtr=(PERF_DATA_BLOCK*)data; //得到第一個(gè)對(duì)象 PERF_OBJECT_TYPE*objectPtr=FirstObject(dataBlockPtr); for(inta=0;a<(int)dataBlockPtr->NumObjectTypes;a++) { charnameBuffer[255]; if(objectPtr->ObjectNameTitleIndex==510) { DWORDprocessIdOffset=ULONG_MAX; PERF_COUNTER_DEFINITION*counterPtr=FirstCounter(objectPtr); for(intb=0;b<(int)objectPtr->NumCounters;b++) { if(counterPtr->CounterNameTitleIndex==520) processIdOffset=counterPtr->CounterOffset; counterPtr=NextCounter(counterPtr); } if(processIdOffset==ULONG_MAX){ free(data); return1; } PERF_INSTANCE_DEFINITION*instancePtr=FirstInstance(objectPtr); for(b=0;b<objectPtr->NumInstances;b++) { wchar_t*namePtr=(wchar_t*)((BYTE*)instancePtr+instancePtr->NameOffset); PERF_COUNTER_BLOCK*counterBlockPtr=GetCounterBlock(instancePtr); char*pName=WideToMulti(namePtr,nameBuffer,sizeof(nameBuffer)); DWORDbandwith=*((DWORD*)((BYTE*)counterBlockPtr+processIdOffset)); DWORDtottraff=0; Interfaces.AddTail(CString(pName)); Bandwidths.AddTail(bandwith); TotalTraffics.AddTail(tottraff);//initial0,justforcreatingthelist instancePtr=NextInstance(instancePtr); } } objectPtr=NextObject(objectPtr); } free(data); returnTRUE; } catch(...) { returnFALSE; }}//返回安裝的接口數(shù)intMFNetTraffic::GetNetworkInterfacesCount(){ returnInterfaces.GetCount()-1;}//返回接口名稱BOOLMFNetTraffic::GetNetworkInterfaceName(CString*InterfaceName,intindex){ POSITIONpos=Interfaces.FindIndex(index); if(pos==NULL) retu