
一个不那么简单的防火墙。


2004年6月22日


如果我可以这样称呼它的话,这是一个不那么简单的防火墙。这个应用程序会询问你是否希望启动某个程序。

引言

这篇文章是对旧的进程监视器的更新。

新增的功能包括一个托盘图标。在这个新的应用程序中,你不需要事先列出哪些应用程序不应该启动。

你只需要被询问是否希望启动某个应用程序。

该应用程序仍然使用 Windows 钩子,但这次略有不同。当检测到想要启动的应用程序时,它会被保存在 Windows 注册表中,因此回调函数不会再次询问你是否希望启动它。如果你给予它启动的批准,该应用程序将被设置为默认启动。

这意味着每次它想要启动时都会启动。但是,如果你告诉程序应该停止它,该应用程序将永远不会启动,直到停止钩子为止。

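/*
 * Installs the system-wide CBT hook, at most once.
 *
 * Reads and writes the file-level state `bHooked` (installed flag) and `CBT`
 * (hook handle); `hInst` is the module handle passed to SetWindowsHookEx.
 * Passing 0 as the thread id asks for the hook to be attached to every
 * thread on the caller's desktop rather than to a single thread.
 *
 * The installed flag is only set when SetWindowsHookEx actually returned a
 * handle.  Previously a failed installation was still recorded as "hooked",
 * so the filter silently stayed inactive and a later call could not retry.
 */
DLL_EXPORT void BagaHooku(void)
{
    if (bHooked)
        return;

    CBT = SetWindowsHookEx(WH_CBT, (HOOKPROC)CBTProc, hInst, 0);

    /* NULL means the hook was not installed; leave bHooked clear so the
       caller can try again. */
    if (CBT != NULL)
        bHooked = TRUE;
}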

这个函数只负责安装钩子。

现在是回调函数

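/*
 * Returns nonzero when a value called `name` exists under
 * HKEY_LOCAL_MACHINE\<subkey>, zero otherwise (including when the key cannot
 * be opened).
 *
 * Only KEY_QUERY_VALUE is requested: a lookup never needs write access, and
 * asking for more makes the open fail in processes that lack it.  The key
 * handle is always closed before returning.
 */
static int GapulaHasValue(const char *subkey, const char *name)
{
    HKEY key;
    LONG rc;

    if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, subkey, 0, KEY_QUERY_VALUE,
                     &key) != ERROR_SUCCESS)
        return 0;

    /* Only the existence of the value matters, so no data buffer is
       supplied and no size has to be initialised. */
    rc = RegQueryValueEx(key, name, NULL, NULL, NULL, NULL);
    RegCloseKey(key);

    return rc == ERROR_SUCCESS;
}

/*
 * Stores `path` as a REG_SZ value called `name` under
 * HKEY_LOCAL_MACHINE\<subkey>, creating the key when needed.
 *
 * Failures are ignored on purpose (best effort), but the value is only
 * written through a key handle that was really obtained.
 * NOTE(review): writing below HKEY_LOCAL_MACHINE normally requires elevated
 * rights, so in unprivileged processes the decision is probably not
 * persisted -- confirm how the keys are provisioned.
 */
static void GapulaRecord(const char *subkey, const char *name,
                         const char *path)
{
    HKEY key;
    DWORD dwDisp;

    if (RegCreateKeyEx(HKEY_LOCAL_MACHINE, subkey, 0, "",
                       REG_OPTION_NON_VOLATILE, KEY_WRITE, NULL,
                       &key, &dwDisp) != ERROR_SUCCESS)
        return;

    RegSetValueEx(key, name, 0, REG_SZ, (const unsigned char *)path,
                  (DWORD)(strlen(path) + 1));
    RegCloseKey(key);
}

/*
 * CBT hook procedure: decides whether the program that owns a window may
 * keep running.
 *
 * The decision is stored in three registry keys below
 * HKEY_LOCAL_MACHINE\SOFTWARE\Gapula, each holding one value per executable
 * file name:
 *   PEND  - the user has already been asked about this program,
 *   OK    - the user allowed it,
 *   RESTR - the user refused it; the process is terminated.
 *
 * Parameters are the standard hook arguments.  Only HCBT_ACTIVATE and
 * HCBT_CREATEWND are inspected, because those are the codes whose wParam is
 * a window handle; for HCBT_SYSCOMMAND wParam is a system-command value and
 * for HCBT_QS it is unused, so treating it as an HWND looked up an
 * unrelated or uninitialised process id.
 *
 * Returns the result of CallNextHookEx in every case, so other hooks in the
 * chain are never skipped.
 *
 * Side effect: the file-level buffer `szModName` receives the full path of
 * the inspected executable (sizeof(szModName) is used as its capacity, as
 * the original code did -- assumes it is a char array, TODO confirm).
 *
 * NOTE(review): decisions are keyed on the file name without its directory,
 * so two different binaries with the same name share one decision.  Keying
 * on the full path (or a file hash) would bind a decision to one binary.
 * NOTE(review): when the process cannot be opened or its path cannot be
 * read, the event is passed on unfiltered (fail open).
 */
LRESULT CALLBACK CBTProc(int nCode,WPARAM wParam,LPARAM lParam)
{
    static const char question[] =
        " is trying to start, do you allow that?"
        "\n Please recall that if you say yes this action will be happening"
        " every time this program starts"
        "\nThis goes for NO as well so be careful what you wish for";

    /* Set while the question is on screen.  The message box creates a
       window of its own, which calls back into this hook; without the
       guard a failed PEND write would ask again recursively. */
    static int prompting = 0;

    /* A running process reports STILL_ACTIVE as its exit code; reusing that
       value for TerminateProcess makes the killed process look alive to
       anyone who checks, so a fixed code is used instead. */
    const UINT blockedExitCode = 1;

    if (!prompting && (nCode == HCBT_ACTIVATE || nCode == HCBT_CREATEWND))
    {
        DWORD dwProcessId = 0;
        HANDLE hProc = NULL;

        GetWindowThreadProcessId((HWND)wParam, &dwProcessId);

        /* Request only what is used below: reading the image path and
           terminating the process. */
        if (dwProcessId != 0)
            hProc = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ |
                                PROCESS_TERMINATE, FALSE, dwProcessId);

        if (hProc != NULL)
        {
            /* Clear any path left over from an earlier call and keep the
               last byte as a terminator in case the path is truncated. */
            szModName[0] = '\0';
            szModName[sizeof(szModName) - 1] = '\0';

            /* A NULL module handle selects the process executable. */
            if (GetModuleFileNameEx(hProc, NULL, szModName,
                                    sizeof(szModName) - 1) > 0)
            {
                /* File name without directory; points into szModName,
                   which is not modified again below. */
                const char *host = strrchr(szModName, '\\');
                host = (host != NULL) ? host + 1 : szModName;

                if (GapulaHasValue("SOFTWARE\\Gapula\\RESTR", host))
                {
                    /* A refusal always wins over any other entry. */
                    TerminateProcess(hProc, blockedExitCode);
                }
                else if (!GapulaHasValue("SOFTWARE\\Gapula\\PEND", host) &&
                         !GapulaHasValue("SOFTWARE\\Gapula\\OK", host))
                {
                    /* Sized to hold the longest possible path plus the
                       question, so the two copies below cannot overflow.
                       The question is built here instead of being appended
                       to szModName, which overflowed that buffer and ended
                       up stored in the registry. */
                    char prompt[sizeof(szModName) + sizeof(question)];
                    int answer;

                    /* Mark the program as "already asked" before showing
                       the question. */
                    GapulaRecord("SOFTWARE\\Gapula\\PEND", host, szModName);

                    strcpy(prompt, szModName);
                    strcat(prompt, question);

                    prompting = 1;
                    answer = MessageBox(NULL, prompt, "Gabby",
                                MB_ICONQUESTION|MB_SYSTEMMODAL|MB_APPLMODAL|
                                MB_TASKMODAL|MB_SETFOREGROUND|MB_TOPMOST|
                                MB_YESNO);
                    prompting = 0;

                    if (answer == IDNO)
                    {
                        GapulaRecord("SOFTWARE\\Gapula\\RESTR", host,
                                     szModName);
                        TerminateProcess(hProc, blockedExitCode);
                    }
                    else if (answer == IDYES)
                    {
                        GapulaRecord("SOFTWARE\\Gapula\\OK", host,
                                     szModName);
                    }
                    /* Any other result means the box could not be shown;
                       nothing is recorded as an approval in that case. */
                }
                /* Otherwise the program was approved, or asked about and
                   not refused: let the event through. */
            }

            /* The handle was previously leaked on every hook call. */
            CloseHandle(hProc);
        }
    }

    /* Always hand the event to the next hook in the chain. */
    return CallNextHookEx(CBT,nCode,wParam,lParam);
}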

这个防火墙非常强大,因为它过滤每个应用程序(准确地说,是每个会创建或激活窗口的应用程序:WH_CBT 钩子只在窗口事件发生时被调用,没有窗口的进程不会经过这一检查)。加载它的程序非常简单,因为它只需要加载这个 DLL。
