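#include <ntddk.h>
#include <winerror.h>
#pragma warning(push)
#pragma warning(disable:4201)
#include <fwpsk.h>
#pragma warning(pop)
#include <fwpmk.h>
#include <fwpmu.h>
/* NOTE(review): Fwpuclnt.lib is the user-mode WFP import library; a kernel
 * driver is normally linked against fwpkclnt.lib instead, and fwpmu.h is the
 * user-mode management header. Confirm against the build before relying on
 * either of these two lines. */
#pragma comment(lib, "Fwpuclnt.lib")

/*
 * Minimal WFP filter driver.
 *
 * DriverEntry opens a dynamic WFP session and, inside a single transaction,
 * registers a provider, a sublayer and two BLOCK filters at the IPv4
 * inbound/outbound transport layers. The filters carry NO conditions, so while
 * this driver is loaded they block every IPv4 transport-layer packet in both
 * directions within the sublayer. Because the session is dynamic, the engine
 * removes all of these objects again as soon as the engine handle is closed.
 *
 * Every engine call is checked; on any failure the transaction is aborted,
 * the engine handle is closed and DriverEntry returns an error, so the driver
 * never stays loaded with a half-installed policy.
 */

/* FWPM_PROVIDER Key */
static const GUID WFPSAMPLER_PROVIDER = {
    /* 53504657-6D61-5F70-5072-6F7669646572 */
    0x53504657, 0x6D61, 0x5F70,
    {0x50, 0x72, 0x6F, 0x76, 0x69, 0x64, 0x65, 0x72}
};

/* FWPM_SUBLAYER Key */
static const GUID WFPSAMPLER_SUBLAYER = {
    /* 53504657-6D61-5F70-5375-624C61796572 */
    0x53504657, 0x6D61, 0x5F70,
    {0x53, 0x75, 0x62, 0x4C, 0x61, 0x79, 0x65, 0x72}
};

/* Engine handle; NULL whenever no session is open (the unload path keys off this). */
HANDLE engineHanle = NULL;
FWPM_SESSION0 session;
FWPM_PROVIDER0 provider;
/* Reserved for a protocol/address condition; currently unused — both filters
 * below are unconditional. */
FWPM_FILTER_CONDITION0 condition;
FWPM_FILTER0 blockFilterIn;
FWPM_FILTER0 blockFilterOut;
FWPM_SUBLAYER0 sublayer;
/* Reserved alongside `condition`; currently unused. */
FWP_V4_ADDR_AND_MASK addrtoblock;

DRIVER_INITIALIZE DriverEntry;
NTSTATUS
DriverEntry(
    IN PDRIVER_OBJECT driverObject,
    IN PUNICODE_STRING registryPath
    );

DRIVER_UNLOAD DriverUnload;
VOID
DriverUnload(
    IN PDRIVER_OBJECT driverObject
    );

/*
 * Fill one unconditional BLOCK filter for @layerKey inside our sublayer.
 * @filter is fully overwritten; @name must outlive the filter (string literals do).
 */
static void
InitBlockFilter(FWPM_FILTER0 *filter, wchar_t *name, const GUID *layerKey)
{
    RtlZeroMemory(filter, sizeof *filter);
    filter->displayData.name = name;
    filter->layerKey = *layerKey;
    filter->subLayerKey = WFPSAMPLER_SUBLAYER;
    /* FWP_UINT8 weight; 0xF is the top of that range, i.e. highest priority
     * among filters in this sublayer. */
    filter->weight.type = FWP_UINT8;
    filter->weight.uint8 = 0xF;
    /* No conditions: the filter matches every packet seen at this layer. */
    filter->numFilterConditions = 0;
    filter->filterCondition = NULL;
    filter->action.type = FWP_ACTION_BLOCK;
}

/*
 * Driver unload: remove our filters and close the engine session.
 * Safe to run even if DriverEntry failed before a session was opened.
 */
VOID
DriverUnload(
    IN PDRIVER_OBJECT driverObject
    )
{
    UNREFERENCED_PARAMETER(driverObject);

    /* DriverEntry closes and NULLs the handle on every failure path, so a
     * NULL handle means there is nothing to tear down. */
    if (engineHanle == NULL) {
        return;
    }

    /* The session is dynamic, so FwpmEngineClose0 would remove these filters
     * anyway; the explicit deletes just make the teardown order obvious.
     * A filterId of 0 means the add never happened, so skip it. */
    if (blockFilterIn.filterId != 0) {
        (void)FwpmFilterDeleteById0(engineHanle, blockFilterIn.filterId);
    }
    if (blockFilterOut.filterId != 0) {
        (void)FwpmFilterDeleteById0(engineHanle, blockFilterOut.filterId);
    }

    (void)FwpmEngineClose0(engineHanle);
    engineHanle = NULL;
}

/*
 * Driver entry: install the block policy described in the file header.
 *
 * Returns STATUS_SUCCESS once the transaction has committed, otherwise
 * STATUS_UNSUCCESSFUL with the failing step and Win32 error code traced via
 * DbgPrint; on failure no WFP objects are left behind and engineHanle is NULL.
 */
NTSTATUS
DriverEntry(
    IN PDRIVER_OBJECT driverObject,
    IN PUNICODE_STRING registryPath
    )
{
    DWORD rc = ERROR_SUCCESS;
    const char *step = "";
    BOOLEAN inTransaction = FALSE;

    UNREFERENCED_PARAMETER(registryPath);

    /* Use ALE_CONNECT to block; protocol info can also be added as a filter condition. */
    driverObject->DriverUnload = DriverUnload;

    RtlZeroMemory(&session, sizeof session);
    session.displayData.name = L"My Session";
    /* Dynamic: every object added under this session disappears when the handle closes. */
    session.flags = FWPM_SESSION_FLAG_DYNAMIC;

    RtlZeroMemory(&provider, sizeof provider);
    provider.displayData.name = L"My Provider";
    provider.providerKey = WFPSAMPLER_PROVIDER;

    RtlZeroMemory(&sublayer, sizeof sublayer);
    sublayer.displayData.name = L"My Sublayer";
    sublayer.subLayerKey = WFPSAMPLER_SUBLAYER;
    /* The API field is a non-const GUID *; the engine only reads through it. */
    sublayer.providerKey = (GUID *)&WFPSAMPLER_PROVIDER;

    InitBlockFilter(&blockFilterIn, L"Block Inbound Filter", &FWPM_LAYER_INBOUND_TRANSPORT_V4);
    InitBlockFilter(&blockFilterOut, L"Block Outbound Filter", &FWPM_LAYER_OUTBOUND_TRANSPORT_V4);

    step = "FwpmEngineOpen0";
    rc = FwpmEngineOpen0(NULL, RPC_C_AUTHN_WINNT, NULL, &session, &engineHanle);
    if (rc != ERROR_SUCCESS) {
        goto fail;
    }

    /* Provider, sublayer and both filters are added atomically: either the
     * whole policy lands or none of it does. */
    step = "FwpmTransactionBegin0";
    rc = FwpmTransactionBegin0(engineHanle, 0);
    if (rc != ERROR_SUCCESS) {
        goto fail;
    }
    inTransaction = TRUE;

    step = "FwpmProviderAdd0";
    rc = FwpmProviderAdd0(engineHanle, &provider, NULL);
    if (rc != ERROR_SUCCESS) {
        goto fail;
    }

    step = "FwpmSubLayerAdd0";
    rc = FwpmSubLayerAdd0(engineHanle, &sublayer, NULL);
    if (rc != ERROR_SUCCESS) {
        goto fail;
    }

    step = "FwpmFilterAdd0(outbound)";
    rc = FwpmFilterAdd0(engineHanle, &blockFilterOut, NULL, &blockFilterOut.filterId);
    if (rc != ERROR_SUCCESS) {
        goto fail;
    }

    step = "FwpmFilterAdd0(inbound)";
    rc = FwpmFilterAdd0(engineHanle, &blockFilterIn, NULL, &blockFilterIn.filterId);
    if (rc != ERROR_SUCCESS) {
        goto fail;
    }

    step = "FwpmTransactionCommit0";
    rc = FwpmTransactionCommit0(engineHanle);
    if (rc != ERROR_SUCCESS) {
        goto fail;
    }

    return STATUS_SUCCESS;

fail:
    DbgPrint("wfp block driver: %s failed with error %lu\n", step, rc);
    /* Abort is harmless if the failed commit already ended the transaction. */
    if (inTransaction) {
        (void)FwpmTransactionAbort0(engineHanle);
    }
    if (engineHanle != NULL) {
        (void)FwpmEngineClose0(engineHanle);
        engineHanle = NULL;
    }
    blockFilterIn.filterId = 0;
    blockFilterOut.filterId = 0;
    return STATUS_UNSUCCESSFUL;
}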