I wrote a code to block an application used the MSDN code along with some glue code to get the code running. But it does not block the application. The filter is addressed at FWPM_LAYER_ALE_AUTH_CONNECT_V4 layer.
But it does not block the application.
How do i block an application from using internet using WFP (like disabling messengers) ...
This is the code ..
#include "windows.h"
#include "winioctl.h"
#include "strsafe.h"
#ifndef _CTYPE_DISABLE_MACROS
#define _CTYPE_DISABLE_MACROS
#endif
#include "fwpmu.h"
#include "winsock2.h"
#include "ws2def.h"
#include <conio.h>
#include <stdio.h>
#define INITGUID
#include <guiddef.h>
static const GUID WFPSAMPLER_PROVIDER =
{
0x53504657,
0x6D61,
0x5F70,
{0x50, 0x72, 0x6F, 0x76, 0x69, 0x64, 0x65, 0x72}
};
static const GUID WFPSAMPLER_SUBLAYER =
{
0x53504657,
0x6D61,
0x5F70,
{0x53, 0x75, 0x62, 0x4C, 0x61, 0x79, 0x65, 0x72}
};
#define FILE_PATH L"%ProgramFiles%\\Windows Live\\Messenger\\msnmsgr.exe"
FWP_BYTE_BLOB *fwpApplicationByteBlob;
FWPM_FILTER0 fwpFilter;
FWPM_FILTER_CONDITION0 fwpConditions[4];
int conCount = 0;
DWORD result = ERROR_SUCCESS;
FWPM_SESSION session;
HANDLE engineHanle;
FWPM_PROVIDER provider;
FWPM_SUBLAYER sublayer;
void
RemoveFilter()
{
printf("Unloading Driver");
FwpmFilterDeleteById0(engineHanle, fwpFilter.filterId);
FwpmEngineClose0(engineHanle);
engineHanle=0;
return;
}
void FilterByApp()
{
session.displayData.name=L"My Session";
session.flags=FWPM_SESSION_FLAG_DYNAMIC;
provider.displayData.name=L"My Provider";
provider.providerKey=WFPSAMPLER_PROVIDER;
sublayer.displayData.name=L"My Sublayer";
sublayer.subLayerKey=WFPSAMPLER_SUBLAYER;
sublayer.providerKey=(GUID *)&WFPSAMPLER_PROVIDER;
fwpApplicationByteBlob = 0;
printf("Retrieving application identifier for filter testing.\n");
result = FwpmGetAppIdFromFileName0(FILE_PATH, &fwpApplicationByteBlob);
if (result != ERROR_SUCCESS)
{
printf("FwpmGetAppIdFromFileName failed (%d).\n", result);
return;
}
fwpConditions[conCount].fieldKey = FWPM_CONDITION_ALE_APP_ID;
fwpConditions[conCount].matchType = FWP_MATCH_EQUAL;
fwpConditions[conCount].conditionValue.type = FWP_BYTE_BLOB_TYPE;
fwpConditions[conCount].conditionValue.byteBlob = fwpApplicationByteBlob;
++conCount;
fwpConditions[conCount].fieldKey = FWPM_CONDITION_IP_PROTOCOL;
fwpConditions[conCount].matchType = FWP_MATCH_EQUAL;
fwpConditions[conCount].conditionValue.type = FWP_UINT8;
fwpConditions[conCount].conditionValue.uint8 = IPPROTO_TCP;
++conCount;
memset(&fwpFilter, 0, sizeof(FWPM_FILTER0));
FwpmEngineOpen(0,
RPC_C_AUTHN_WINNT,
0,
&session,
&engineHanle);
fwpFilter.layerKey=FWPM_LAYER_ALE_AUTH_CONNECT_V4 ;
fwpFilter.subLayerKey=sublayer.subLayerKey;
fwpFilter.numFilterConditions = conCount;
fwpFilter.action.type= FWP_ACTION_BLOCK;
fwpFilter.filterCondition = fwpConditions;
FwpmTransactionBegin(engineHanle,0);
FwpmProviderAdd(engineHanle,&provider,0);
FwpmSubLayerAdd(engineHanle,&sublayer,0);
FwpmFilterAdd(engineHanle,&fwpFilter,0,&(fwpFilter.filterId));
FwpmTransactionCommit(engineHanle);
return;
}
DWORD
MonitorAppProcessArguments(__in int argc, __in_ecount(argc) PCSTR argv[])
{
DWORD result = ERROR_NOT_FOUND;
if (_stricmp(argv[1], "addfilter") == 0)
{
FilterByApp();
}
else if (_stricmp(argv[1], "delfilter") == 0)
{
RemoveFilter();
}
else
{
printf("ERROR IN ARGUMENTS");
}
return result;
}
void __cdecl main(__in int argc, __in_ecount(argc) PCSTR argv[])
{
MonitorAppProcessArguments(argc, argv);
return;
}
Please help me .....
Thanks .........
Submit an article or tip