108 Commits

Author SHA1 Message Date
basil00 97101072db Fix previous commit 8bda0af
Fix #294

Previous commit was incomplete.
2022-04-10 06:51:38 +08:00
basil00 8bda0aff7b Fix handling of FwpmTransaction*() errors.
Fixes #294
2022-04-09 09:49:45 +08:00
basil00 34b565de65 Merge pull request #296 from StalkR/patch-1
windivert.html: fix 6.11 title: format not parse
2022-02-23 11:24:31 +08:00
StalkR 90396ffa2b windivert.html: fix 6.11 title: format not parse 2022-02-15 19:35:18 +01:00
basil00 8cdddce6ac Send an ICMP(V6) message if the packet is too big
Fix #278

The Miniport driver will reject any outbound
packet that is larger than the MTU.  However the
error flows back to the sending application as
an error code/condition, which is disrupted by
WinDivert, meaning the error is lost.

This change translates the error code into an
ICMP(V6) "packet too big" message, allowing for
the error to flow back to the origin in some
form.

This change required some refactoring.
2021-10-22 07:34:23 +08:00
basil00 c26ec39465 Fix filter compiler test simplification logic
Fix #285
2021-09-25 07:23:08 +08:00
basil00 227a6b1e78 Fix #283 2021-09-11 07:09:51 +08:00
basil00 134dd37bd0 Insert all WinDivert sublayers at the max weight. 2020-09-03 08:12:39 +08:00
basil00 97056af256 Cleanup the provider code. 2020-06-26 08:53:18 +08:00
basil00 db674a6696 Merge pull request #241 from ruilisi/add_provider
Install provider to pass HLK test
2020-06-24 08:35:31 +08:00
Zhou Yicheng 32af280add Install provider to pass HLK test 2020-06-22 11:08:51 +08:00
basil00 091ffb3d49 Reformatting 2019-10-06 08:19:23 +08:00
basil00 aff111e44d Merge pull request #211 from zzzjim/fix-mcafee
Inject on different handles for inbound/outbound
2019-10-06 08:12:36 +08:00
zzzjim 160d983960 Inject on different handles for inbound/outbound 2019-10-04 19:11:25 -07:00
basil00 69b4620277 Log a system event on driver (un)load.
This allows WinDivert to be detected without
using the REFLECT API.
2019-10-04 08:57:30 +08:00
basil00 bcba321048 Fix another packet batch parsing bug.
Extended/truncated logic was reversed.
2019-10-03 05:02:37 +08:00
basil00 0c773bc08f Fix batch parsing bug. 2019-09-29 07:27:04 +08:00
basil00 eba2e59e3b Ensure RC file included in MSVC build. 2019-09-29 07:15:41 +08:00
basil00 951560d403 Modify WINDIVERTEXPORT so it can be static.
For better static linking support.
2019-08-31 08:49:56 +08:00
basil00 7dc1c5d54a Fix some compiler warnings. 2019-08-27 09:45:45 +08:00
basil00 a1173fe08f Coalesce filter interpreter implementations.
Replace the dual kernel/user-mode filter
interpreters with a single shared implementation.
2019-08-17 09:31:46 +08:00
basil00 a240329323 Add "fragment" to filter language.
True if the packet is an IPv4/IPv6 fragment.
2019-08-15 09:08:46 +08:00
basil00 317e6f1099 Implement new packet parser(s) for WinDivert.
The new parser should better handle fragments
as well as be consistent with the kernel-mode
parser.  The new parser can also handle truncated
packets.
2019-08-12 07:50:49 +08:00
basil00 6501bec357 Make release script use MSVC build. 2019-08-05 07:47:53 +08:00
basil00 194d9afa1e Towards WinDivert version 2.1 release.
- inbound/outbound now work for the SOCKET layer.
- passthru.exe now uses MTU_MAX to prevent 122
  errors.
- Further header parsing code hardening.
- Fix bug where Reserved2 was not zeroed.
2019-08-04 08:11:43 +08:00
basil00 69e4edade7 Add new WINDIVERT_FLAG_FRAGMENTS flag (fix #191).
This flag only affects inbound packets at the
WINDIVERT_LAYER_NETWORK layer.

If set, the handle will capture IP fragments,
but not reassembled IP packets.

If unset (the default), the handle will capture
reassembled IP packets, but not IP fragments.
2019-08-02 08:32:50 +08:00
basil00 6eb82d08e0 Fix WinDivert 2.0 driver bugs.
- BSOD for incomplete transport headers (#202).
- Fix enforcement of wrong MTU.
- Fix missing endpoint handles for IPV6 flow
  layer.
2019-07-31 08:46:01 +08:00
basil00 02541ce1da WinDivert 2.0.1-rc bugfix release. 2019-07-06 08:23:06 +08:00
basil00 db7f80d26d PACKET macro is also valid for the FORWARD layer. 2019-06-18 09:11:16 +08:00
basil00 cedb929873 Bug fixes.
- Fix broken WinDivertCondExecFilter().  This
  caused some callouts to be needlessly installed.
- Fix broken WinDivertByteSwap128().
- Rename "Ipv6" -> "IPv6" to keep API consistent.
- Samples now use correct MTU.
2019-06-15 07:31:56 +08:00
basil00 5d62e2a938 Add a Visual Studio build system (fix #118).
Currently the VS build system targets VS2015, but
may also work for later versions (not tested).
To use:
- Download & install VS2015.
- Install WDK.
- Open a Developer Command Prompt.
- Run the msvc-build.bat script.
2019-04-19 09:52:36 +08:00
basil00 8c4bbf31c6 Fix #175 2019-04-10 07:37:45 +08:00
basil00 cb6d09f094 Update WinDivert release build script. 2019-03-26 22:05:54 +08:00
basil00 40a22f0cf5 Fix #168 2019-03-21 19:25:46 +08:00
basil00 e306d0058b WinDivert filter language improvements.
- Add "length" for total packet length.
- Add "timestamp" for timestamp filtering.
- All filter language numbers are now signed.
- Add new macros: TRUE, FALSE, TCP, UDP, ICMP &
  ICMPV6.
- Future-proof the WINDIVERT_FILTER struct.
2019-03-15 08:01:10 +08:00
basil00 d29688ea83 Redesign the WinDivert SOCKET layer.
- Socket (& flow) events are now associated with
  an endpointId/parentEndpointId pair that allows
  the tracking of socket operations.
- A single socket CLOSE event replaces the UNBIND
  and DISCONNECT events.
- A new flag addr.Sniffed indicates if the event
  was sniffed or not.  Some events (CLOSE) are
  always sniffed, regardless of the flags.
- All filter language numbers are now 128bit.
- socketdump.exe can now optionally block events.
2019-03-13 08:33:12 +08:00
basil00 4289e7ec2b Fix 64/32 driver & DLL compatibility. 2019-03-11 07:27:00 +08:00
basil00 36b118b2b0 Fix WinDivert service management.
DeleteService() must be called else the WinDivert
service will survive reboot.
2019-03-09 07:04:34 +08:00
basil00 2307347070 Use C-string-friendly chars for filter objects. 2019-03-08 09:24:31 +08:00
basil00 3d4f52e2c0 Cleanup the passthru sample program. 2019-03-08 09:23:41 +08:00
basil00 1cc17786e8 Add boundary tests 2019-03-08 09:22:34 +08:00
basil00 a5e525d436 WinDivert driver refactoring + bug fixes. 2019-03-08 09:17:52 +08:00
basil00 8baeda9ec7 WinDivert documentation tweaks. 2019-03-06 09:34:07 +08:00
basil00 20382a9a75 Reverse order of WinDivert handle priorities.
Higher values now correspond to higher
priorities.
2019-03-06 09:08:48 +08:00
basil00 81ce9b7f87 Build script fixes. 2019-03-05 08:46:14 +08:00
basil00 ec83681601 Fix filter flags & test suite. 2019-03-05 08:21:39 +08:00
basil00 8fcb4313b6 WinDivert 2.0 API, service & documentation fixes.
- Make WinDivertRecv() and WinDivertSend() arg
  ordering match the Ex versions.
- Put the WinDivertHelperParsePacket() protocol
  arg after the IP headers.
- WinDivert service handling is now protected by
  a mutex.
- Debug the "uninstall" command for windivertctl.
  It can now uninstall the WinDivert driver &
  not leave the WinDivert service in a "pending"
  state.
- Document WinDivert performance tips.
2019-03-04 08:42:34 +08:00
basil00 0028aa6fff Add an "uninstall" option to windivertctl.
This will kill all processes and uninstall the
WinDivert driver.
2019-03-03 07:58:46 +08:00
basil00 85141a231c Fix passthru performance bugs.
Using large fixed-size buffers adds significant
overheads.  Instead, scale the buffer to the
batch size.
2019-03-03 07:56:44 +08:00
basil00 34652660f5 Fix WinDivert release build script. 2019-03-03 07:56:01 +08:00
basil00 45e0ea4e12 Fix 32bit build. 2019-03-02 08:31:51 +08:00
basil00 d0e8106158 Update copyright year. 2019-03-02 08:20:19 +08:00
basil00 bb67daf2da Update WinDivert documentation. 2019-03-02 08:12:51 +08:00
basil00 eb75e63431 Add WINDIVERT_PARAM_VERSION_* parameters.
This makes it possible for the user application
to determine the exact driver version.

Also update documentation and tests.
2019-02-28 09:23:08 +08:00
basil00 c084c8239b WinDivert security improvements.
(1) WinDivert will now reference the PROCESS that
opened the handle, and will not deref until the
handle is closed & all corresponding REFLECT
events have been completed.  This means the OPEN
REFLECT event will always return a valid PID.

(2) The packet queue size now also accounts for
internal overheads.
2019-02-27 08:57:10 +08:00
basil00 7fa04945c0 Various WinDivert improvements.
- Add UNBIND/DISCONNECT events to the SOCKET
  layer.  These events can only be sniffed.
- Remove the RECV_PARTIAL flag.  The user
  application can just ignore the error code
  instead.
- WINDIVERT_ADDRESS is now 64 bytes.  Some extra
  padding added for future-proofing.
- Ignore SOCKET-layer REAUTHORIZE.
- The REFLECT layer returns the filter object
  directly (no IPv4 "pseudo" packet).
2019-02-25 09:15:33 +08:00
basil00 32c5aa90f4 Redesign the WinDivert IOCTL interface.
The idea is to make future versions of the
WinDivert DLL compatible with older SYS and vice
versa.

The interface has also been streamlined so fewer
system calls are required when the handle is first
opened.
2019-02-23 09:38:18 +08:00
basil00 e33cc74527 Remove overlapped I/O from streamdump.
This just complicated the sample.  Furthermore,
it was unclear if the implementation was correct
anyway.
2019-02-21 09:13:31 +08:00
basil00 18dfc50557 Fix broken INF files 2019-02-21 09:09:05 +08:00
basil00 b7860e3ff5 Add a new WinDivertHelperDecrementTTL() function.
This function decrements the ip.TTL or
ipv6.HopLimit field.  For ipv4, it also updates
the checksum.

Also:
- Make WinDivertHelperParsePacket() work on a
  single packet unless the pNext parameters are
  provided.
- Update documentation.
2019-02-20 07:57:40 +08:00
basil00 d38563a31f More minor API improvements.
- Revert batching for
  WinDivertHelperCalcChecksums().
  All non-ParsePacket helper functions support a
  single packet only.  This is much simpler.
- WinDivertHelperCalcChecksums() now returns a
  simple BOOL.
- More WinDivertHelper*() functions set the error
  code.
2019-02-18 08:44:16 +08:00
basil00 ab50ffebd5 Minor API improvements.
- addr.Pseudo*Checksum flags replaced by simpler
  addr.*Checksum flags.
- WinDivertHelperParsePacket() can now handle
  batched packets.
- WinDivertHelperParsePacket() can now return the
  transport protocol.
- WinDivertHelperCalcChecksums() can now handle
  batched packets.
- WinDivertHelperCalcChecksums() now sets address
  checksum flags that were calculated.
- A bunch of WINDIVERT_* macros have been moved
  to windivert.h for windivert_device.h.
2019-02-17 11:08:10 +08:00
basil00 42bf883096 Update WinDivert documentation.
- Also partly modernize the html.
2019-02-17 09:22:08 +08:00
basil00 ed90600d1d Update WinDivert documentation. 2019-02-16 09:47:04 +08:00
basil00 805661d6f3 Update WinDivert documentation. 2019-02-15 08:48:14 +08:00
basil00 8601f07ce1 Update WinDivert documentation. 2019-02-14 09:16:41 +08:00
basil00 ea366e80c2 Update WinDivert documentation. 2019-02-13 09:06:07 +08:00
basil00 6a0dd00e39 Update WinDivert documentation. 2019-02-12 08:14:00 +08:00
basil00 1496a0fe06 Document WinDivert layers 2019-02-11 10:13:52 +08:00
basil00 5c9b473873 Document WinDivert filter language fields. 2019-01-29 08:36:45 +08:00
basil00 fa9229820c Document WinDivertHelperCompileFilter(). 2019-01-27 08:50:41 +08:00
basil00 74b806d042 Document WinDivertShutdown() 2019-01-25 10:06:10 +08:00
basil00 f941045b0f Update WinDivert CHANGELOG for v2.0 2019-01-18 09:27:44 +08:00
basil00 3b31737673 Start updating the CHANGELOG for version 2.0 2019-01-17 10:08:18 +08:00
basil00 22a5ad0996 Expand test suite & fix bugs. 2018-11-28 08:28:38 +08:00
basil00 2e334c9133 Fix bignum bug & add more tests. 2018-11-25 09:47:27 +08:00
basil00 1c76a7c522 Improve WinDivert test suite.
- More tests
- Monitor tests using REFLECT layer.
2018-11-24 08:23:01 +08:00
basil00 ebe1af330b Add "priority" filtering for the REFLECT layer. 2018-11-24 08:00:17 +08:00
basil00 1c4075ed51 Add a recv "fast-path" to help reduce overheads.
WinDivert will now process some packets in-band
if the queue is empty and there is a read
request.  When activated, this saves 1xcopy,
1x(de)allocation, and 1xcontext-switch, and
reduces latency from ~60usec to ~20usec on my
test system.
2018-11-21 07:57:49 +08:00
basil00 af91071a79 Merge pull request #162 from basil00/flow_layer
WinDivert 2.0
2018-11-19 07:30:41 +08:00
basil00 29c6fda167 Improve & expand WinDivert test suite.
- Include tests for random*.
- Include latency timings in microseconds.
- More tests.
2018-11-19 07:21:54 +08:00
basil00 54e627e82b Add byte ordering helper functions to WinDivert.
Some sample programs were linking to WinSock2
just for ntohl()/ntohs().  This dependency can
now be removed.
2018-11-16 07:50:04 +08:00
basil00 8ff3c86330 Version tweaks. 2018-11-15 08:24:46 +08:00
basil00 edbe5ea942 Optimize based on event expressions.
E.g., if "event == CONNECT" then do not install
a callout for LISTEN, etc.
2018-11-15 07:58:44 +08:00
basil00 67ad628a1f Add pseudo-random pkt matching to WinDivert (#156)
- Adds 3 new "pseudo-random" filter expressions:
  * random8 (8bit)
  * random16 (16bit)
  * random32 (32bit)
  Not really "random", but these values are based
  on a hash of the packet headers & timestamp.
  These are useful for traffic sampling, e.g.:
  "random8 < 100" matches ~39% of all packets.
- Add new WinDivertHelperHashPacket() helper
  function.  The algorithm is an xxHash variant.
2018-11-14 09:40:17 +08:00
basil00 312050accb Add a new WinDivertShutdown() function (#156).
This function allows the user application to
"shutdown" a handle in anticipation of a
call to WinDivertClose().  When a handle has
been shutdown, new packets will no longer be
queued.  However, existing queued packets can
still be read by WinDivertRecv().  When the
queue is emptied, WinDivertRecv() will fail
with ERROR_NO_DATA.

The WinDivertShutdown() function is analogous
to the shutdown() socket function.

This change also simplifies events.
2018-11-11 09:44:24 +08:00
basil00 0a74b5528c Update driver and inf version information. 2018-11-09 07:29:05 +08:00
basil00 084c78e4af Code cleanup & improve const correctness in API. 2018-11-09 07:21:56 +08:00
basil00 33a461eef6 Add packet/payload matching to WinDivert (#156).
Adds the following terms to the filter language:
- packet[idx]: 8bit packet value at idx.
- packet16[idx]: 16bit packet value at idx.
- packet32[idx]: 32bit packet value at idx.
- PROTO.Payload[idx]: 8bit payload value at idx.
- PROTO.Payload16[idx]: 16bit payload value at
  idx.
- PROTO.Payload32[idx]: 32bit payload value at
  idx.
where PROTO is {tcp,udp}.

16 and 32bit values assume network byte ordering.

The index may be:
- An undecorated integer, in which case the
  packet or payload is treated as an 8/16/32bit
  value array, similar to C arrays.
- A 'b' decorated integer, (e.g., packet32[17b]),
  in which case the integer is interpreted as a
  byte offset.
- A negative (un)decorated integer, in which
  case indexing begins at the *end* of the
  packet or payload.  E.g., packet32[-1] is the
  last 32bits of the packet.

If the index is out-of-bounds, then the test
is deemed to be equivalent to "false".
2018-11-07 07:54:32 +08:00
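The index rules in the commit above, worked through as an added example in C; this is not WinDivert's own filter interpreter, resolve_index, packet_term, packet_term_equals and the sample header bytes are this example's own constructed names and data, and a negative undecorated index is taken to mean that many words back from the end (the commit's packet32[-1] case). The same functions serve tcp/udp.Payload*[idx] when called on the payload bytes instead of the whole packet.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical re-implementation of the packet[idx] / packet16[idx] /
 * packet32[idx] index rules described in the commit message (added
 * example, not WinDivert code). */

/* Map a filter index to a byte offset.
 *   width: 1, 2 or 4 bytes (packet, packet16, packet32).
 *   idx:   the integer written in the filter, possibly negative.
 *   byte_decorated: true for the 'b' suffix (byte offset), false for
 *                   C-array style word indexing.
 *   len:   length in bytes of the packet or payload being indexed.
 * Returns true and stores the offset when the whole word lies inside
 * the buffer; returns false for any out-of-bounds index. */
bool resolve_index(size_t width, long idx, bool byte_decorated,
                   size_t len, size_t *offset)
{
    long off = byte_decorated ? idx : idx * (long)width;

    if (off < 0)
        off += (long)len;               /* negative: count from the end */
    if (off < 0 || (size_t)off + width > len)
        return false;                   /* out of bounds */
    *offset = (size_t)off;
    return true;
}

/* Evaluate one packetW[idx] term. 16/32-bit values are read in network
 * byte order. Returns the value (0..0xffffffff) or -1 when the index is
 * out of bounds, which the filter language treats as "false". */
long long packet_term(const uint8_t *buf, size_t len, size_t width,
                      long idx, bool byte_decorated)
{
    size_t off;
    uint32_t v = 0;

    if (width != 1 && width != 2 && width != 4)
        return -1;
    if (!resolve_index(width, idx, byte_decorated, len, &off))
        return -1;
    for (size_t i = 0; i < width; i++)
        v = (v << 8) | buf[off + i];    /* big-endian assembly */
    return (long long)v;
}

/* "packetW[idx] == rhs" with the out-of-bounds rule applied. */
bool packet_term_equals(const uint8_t *buf, size_t len, size_t width,
                        long idx, bool byte_decorated, uint32_t rhs)
{
    long long v = packet_term(buf, len, width, idx, byte_decorated);
    return v >= 0 && (uint32_t)v == rhs;
}

/* Constructed sample: a bare 20-byte IPv4 header, no payload. */
static const uint8_t SAMPLE_PKT[20] = {
    0x45, 0x00, 0x00, 0x14,   /* v4/IHL=5, TOS 0, total length 20 */
    0x12, 0x34, 0x40, 0x00,   /* id 0x1234, DF set, fragment offset 0 */
    0x40, 0x06, 0x00, 0x00,   /* TTL 64, protocol TCP, checksum unset */
    0x0a, 0x00, 0x00, 0x01,   /* src 10.0.0.1 */
    0xc0, 0xa8, 0x01, 0x02,   /* dst 192.168.1.2 */
};
static const size_t SAMPLE_LEN = sizeof(SAMPLE_PKT);
```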
basil00 3e40705178 Fix address formatting in sample programs. 2018-11-05 09:44:25 +08:00
basil00 1ccf486132 Calculate full checksums for reinjected packets. 2018-11-04 08:47:39 +08:00
basil00 4f7ff88664 Add batched recv/send to WinDivert (#156).
This change allows multiple packets to be
received/sent at once, reducing overheads.  To
exploit this feature, applications need to use
the WinDivertRecvEx()/WinDivertSendEx()
functions with the new addrLen parameter.  The
passthru example has been modified to use
batching.

The DEBUG flag has been retired since it
conflicts with batching, and was not very
useful anyway.
2018-11-03 08:40:34 +08:00
basil00 3966ec1287 Add a WINDIVERT_FLAG_PARTIAL flag.
This suppresses ERROR_INSUFFICIENT_BUFFER errors
if the passed buffer is too small.  Applications
can set this flag if they want to do partial
reads.
2018-10-30 08:56:43 +08:00
basil00 fc868feb3e Add type-safe get-fixed-val routines.
This prevents possible bsods when values are
missing.  Also add missing windivert_shared.c
file.
2018-10-30 05:36:44 +08:00
basil00 de4245f95e Event & REFLECT layer fixes.
- Make event bitwise-OR-able.
- Simplify event names.
- Fix REFLECT serialization.
  (setting AutomaticSerialization=TRUE does not
   work.)
- Preallocate REFLECT memory.
2018-10-29 05:40:03 +08:00
basil00 316765aa92 Fix impostor packet checksums. 2018-10-27 06:52:14 +08:00
basil00 86db54b400 Move pseudo checksum calculation inside driver.
This means WinDivertSend() no longer needs to
modify the packet and address buffers.  See #134.
2018-10-26 10:38:35 +08:00
basil00 34e8f96910 Consistent naming for DATA structs. 2018-10-26 06:57:40 +08:00
basil00 5aa4fc3c46 Enable NX flag for MmGetSystemAddressForMdlSafe.
See discussion in #128.
2018-10-26 06:43:49 +08:00
basil00 fd75e6d42a Add a new SOCKET layer to WinDivert (see #156).
Adds a new SOCKET layer for monitoring socket
events, such as BIND, LISTEN, CONNECT,
and ACCEPT.  These events occur before the
flow is established, and (unlike the FLOW layer)
it is possible to block/drop SOCKET events.

Otherwise, this layer is very similar to the
FLOW layer, so the PID is available and injection
is not possible.  This commit should be
considered to be a WIP.

Other changes:
- New socketdump.exe sample.  Prints socket
  events.
- Improve IPv6 address parsing.
- New helper functions:
  * WinDivertHelperFormatIPv4Address
  * WinDivertHelperFormatIPv6Address
- Fix REFLECT bugs.
- The network 5-tuple can now be accessed at
  the NETWORK layer.
- Various cleanups.
2018-10-25 10:25:41 +08:00
basil00 2ab1ddf1d2 Make it possible to filter based on events.
E.g., "event == FLOW_ESTABLISHED".
2018-10-22 08:38:12 +08:00
basil00 f0dd1224b1 Add a new REFLECT layer to WinDivert (see #156).
Adds a new REFLECT layer for monitoring WinDivert
handles.  This includes:
- three new REFLECT events: ESTABLISHED, OPEN and
  CLOSE;
- modifying the ADDRESS for REFLECT data:
  open time, process-id, layer, flags, and
  priority of the opened handle; and
- allowing WinDivertRecv() to read a
  representation of the opened filter.

This change also includes a new "object"
representation for WinDivert filter strings.
The API has been updated as follows:
- WinDivertHelperCompileFilter (replaces
  CheckFilter) compiles filter strings into the
  object form; and
- WinDivertHelperFormatFilter can "decompile" an
  object back into a human-readable filter
  string.

Other:
- New NO_INSTALL flag.
- New windivertctl.exe sample program.
2018-10-21 10:12:19 +08:00
basil00 6250568974 Add a new FLOW layer into WinDivert.
Adds a new WINDIVERT_LAYER_FLOW layer that can:
- Track when flows are established
- Track when existing flows are deleted
2018-09-30 09:07:16 +08:00
basil00 e82552153b Optimize pseudo checksum "calculation"
Since pseudo checksums can now be arbitrary
values, the WinDivertHelperCalcChecksums function
no longer attempts to calculate the pseudo-
header checksum.
2018-07-19 09:16:15 +08:00
basil00 822dca9c3f Use snprintf() instead of sprintf_s().
The latter does not seem to work for MINGW.
2018-07-03 09:37:14 +08:00
basil00 8e44f26b0a Update README. 2018-07-03 09:17:28 +08:00
basil00 6ac22c1650 Retire MSVC-2012 and (non-driver) WDDK builds.
The new MINGW build should be compatible with all
major compilers, including Visual Studio 201X.
2018-07-02 19:23:49 +08:00
basil00 061535f7a3 Remove the WinDivert.dll dependency on MSVCRT*.dll
The MSVCRT*.dll dependency has been removed by:
(1) using Win32 API equivalents where possible,
and (2) re-implementing some basic C runtime
functions.  This prevents multiple MSVCRTs from
being loaded at runtime (if the application uses
a different version than the DLL).  The new
WinDivert.dll only depends on KERNEL32.dll and
ADVAPI32.dll.

Furthermore, the MINGW build has been extended
to generate a WinDivert.lib import library file.
This means that the MINGW DLL can now be used
directly by Visual Studio (any version).
2018-07-01 15:06:35 +08:00
58 changed files with 16237 additions and 5560 deletions
+187
@@ -125,3 +125,190 @@ WinDivert 1.4.1
- Dual license WinDivert under LGPLv3 and GPLv2.
WinDivert 1.4.2
- Add workaround for pseudo checksum issue (see #134).
WinDivert 1.4.3
- WinDivert.dll no longer depends on MSVCRT*.dll.
WinDivert 2.0.0-rc
- Add 3 new layers:
* WINDIVERT_LAYER_FLOW for tracking network "flow" events.
* WINDIVERT_LAYER_SOCKET for tracking "socket" events.
* WINDIVERT_LAYER_REFLECT for tracking WinDivert events.
- WINDIVERT_ADDRESS has been re-factored as follows:
* addr.Layer: The WINDIVERT_LAYER_* value for the handle.
* addr.Event: A WINDIVERT_EVENT_* value representing the event (see
below).
* addr.Sniffed: Indicates that the event was sniffed.
* addr.Outbound: Replaces addr.Direction.
* addr.IPv6: Indicates an IPv6 packet.
* addr.Network.IfIdx: Replaces addr.IfIdx.
* addr.Network.SubIfIdx: Replaces addr.SubIfIdx.
* addr.Flow.EndpointId: The endpoint ID of the flow.
* addr.Flow.ParentEndpointId: The parent endpoint ID of the flow.
* addr.Flow.ProcessId: The ID of process that created the flow.
* addr.Flow.LocalAddr: The flow's local address.
* addr.Flow.RemoteAddr: The flow's remote address.
* addr.Flow.LocalPort: The flow's local port.
* addr.Flow.RemotePort: The flow's remote port.
* addr.Flow.Protocol: The flow's protocol.
* addr.Socket.EndpointId: The endpoint ID of the operation.
* addr.Socket.ParentEndpointId: The parent endpoint ID of the operation.
* addr.Socket.ProcessId: The ID of process that created the socket.
* addr.Socket.LocalAddr: The socket's local address.
* addr.Socket.RemoteAddr: The socket's remote address.
* addr.Socket.LocalPort: The socket's local port.
* addr.Socket.RemotePort: The socket's remote port.
* addr.Socket.Protocol: The socket's protocol.
* addr.Reflect.ProcessId: The ID of process that created opened the
handle.
* addr.Reflect.Timestamp: The timestamp of the handle.
* addr.Reflect.Layer: The layer of the handle.
* addr.Reflect.Flags: The flags of the handle.
* addr.Reflect.Priority: The priority of the handle.
- The addr.Event field can take the following values:
* WINDIVERT_EVENT_NETWORK_PACKET: (NETWORK/NETWORK_FORWARD layers) a new
packet was diverted.
* WINDIVERT_EVENT_FLOW_ESTABLISHED: (FLOW layer) a new flow is
established.
* WINDIVERT_EVENT_FLOW_DELETED: (FLOW layer) an existing flow is
deleted.
* WINDIVERT_EVENT_SOCKET_BIND: (SOCKET layer) a socket bind()
operation occurred.
* WINDIVERT_EVENT_SOCKET_CONNECT: (SOCKET layer) a socket connect()
operation occurred.
* WINDIVERT_EVENT_SOCKET_LISTEN: (SOCKET layer) a socket listen()
operation occurred.
* WINDIVERT_EVENT_SOCKET_ACCEPT: (SOCKET layer) a socket accept()
operation occurred.
* WINDIVERT_EVENT_SOCKET_CLOSE: (SOCKET layer) a socket endpoint is
closed.
* WINDIVERT_EVENT_REFLECT_OPEN: (REFLECT layer) a WinDivertOpen()
operation occurred.
* WINDIVERT_EVENT_REFLECT_CLOSE: (REFLECT layer) a WinDivertClose()
operation occurred.
- The WinDivert filter language has been expanded with new fields:
* event: The event value.
* timestamp: The event timestamp.
* endpointId: (FLOW/SOCKET layers) the endpoint ID.
* parentEndpointId: (FLOW/SOCKET layers) the parent endpoint ID.
* processId: (FLOW/SOCKET/REFLECT layers) the process ID.
* localAddr: (NETWORK/NETWORK_FORWARD/FLOW/SOCKET layers) the local
address.
* localPort: (NETWORK/NETWORK_FORWARD/FLOW/SOCKET layers) the local
port.
* remoteAddr: (NETWORK/NETWORK_FORWARD/FLOW/SOCKET layers) the remote
address.
* remotePort: (NETWORK/NETWORK_FORWARD/FLOW/SOCKET layers) the remote
port.
* protocol: (NETWORK/NETWORK_FORWARD/FLOW/SOCKET layers) the protocol.
* priority: (REFLECT layer) the handle's priority.
* layer: (REFLECT layer) the handle's layer.
* random8: (NETWORK/NETWORK_FORWARD layers) an 8-bit pseudo random
number.
* random16: (NETWORK/NETWORK_FORWARD layers) a 16-bit pseudo random
number.
* random32: (NETWORK/NETWORK_FORWARD layers) a 32-bit pseudo random
number.
* length: (NETWORK/NETWORK_FORWARD layers) the packet length.
* zero: The value "0".
- The WinDivert filter language can now address packet/payload data for
the NETWORK/NETWORK_FORWARD layers:
* packet[i]: the ith packet byte.
* packet16[i]: the ith packet 16bit word.
* packet32[i]: the ith packet 32bit word.
* tcp.payload[i]: the ith TCP payload byte.
* tcp.payload16[i]: the ith TCP 16bit word.
* tcp.payload32[i]: the ith TCP 32bit word.
* udp.payload[i]: the ith UDP payload byte.
* udp.payload16[i]: the ith UDP 16bit word.
* udp.payload32[i]: the ith UDP 32bit word.
The index (i) can be:
* An ordinary integer representing word addressing.
* A 'b' decorated integer representing byte-level addressing.
Furthermore, the index can be:
* Positive, representing addressing from the start of the
packet/payload.
* Negative, representing addressing from the end of the packet/payload.
- The WinDivert filter language now supports several symbolic values:
* PACKET: (NETWORK/NETWORK_FORWARD layers) equal to
WINDIVERT_EVENT_NETWORK_PACKET
* ESTABLISHED: (FLOW layer) equal to WINDIVERT_EVENT_FLOW_ESTABLISHED.
* DELETED: (FLOW LAYER) equal to WINDIVERT_EVENT_FLOW_DELETED.
* BIND: (SOCKET layer) equal to WINDIVERT_EVENT_SOCKET_BIND.
* CONNECT: (SOCKET layer) equal to WINDIVERT_EVENT_SOCKET_CONNECT.
* LISTEN: (SOCKET layer) equal to WINDIVERT_EVENT_SOCKET_LISTEN.
* ACCEPT: (SOCKET layer) equal to WINDIVERT_EVENT_SOCKET_ACCEPT.
WINDIVERT_LAYER_NETWORK_FORWARD.
* CLOSE: (SOCKET layer) equal to WINDIVERT_EVENT_SOCKET_CLOSE.
* OPEN: (REFLECT layer) equal to WINDIVERT_EVENT_REFLECT_OPEN.
* CLOSE: (REFLECT layer) equal to WINDIVERT_EVENT_REFLECT_CLOSE.
* NETWORK: (REFLECT layer) equal to WINDIVERT_LAYER_NETWORK.
* NETWORK_FORWARD: (REFLECT layer) equal to
* FLOW: (REFLECT layer) equal to WINDIVERT_LAYER_FLOW.
* SOCKET: (REFLECT layer) equal to WINDIVERT_LAYER_SOCKET.
* REFLECT: (REFLECT layer) equal to WINDIVERT_LAYER_REFLECT.
* TRUE: equal to 1.
* FALSE: equal to 0.
* TCP: equal to IPPROTO_TCP (6).
* UDP: equal to IPPROTO_UDP (17).
* ICMP: equal to IPPROTO_ICMP (1).
* ICMPV6: equal to IPPROTO_ICMPV6 (58).
- WinDivertOpen() now supports several new flags:
* WINDIVERT_FLAG_RECV_ONLY/WINDIVERT_FLAG_READ_ONLY: The handle cannot
be used for send operations.
* WINDIVERT_FLAG_SEND_ONLY/WINDIVERT_FLAG_WRITE_ONLY: The handle cannot
be used for receive operations.
* WINDIVERT_FLAG_NO_INSTALL: If the WinDivert driver is not already
installed/loaded, then WinDivertOpen() will fail with an error.
- WinDivertRecvEx()/WinDivertSendEx() now support a "batch" mode that
allows more than one packet to be received/sent at once. The number
of packets is determined by a new pAddrLen/addrLen parameter.
- Add a new WinDivertShutdown() function that supports the following
modes:
* WINDIVERT_SHUTDOWN_RECV: Disable the queuing new packets.
* WINDIVERT_SHUTDOWN_SEND: Disable the sending of new packets.
* WINDIVERT_SHUTDOWN_BOTH: Equivalent to
(WINDIVERT_SHUTDOWN_RECV | WINDIVERT_SHUTDOWN_SEND).
- Add new "read-only" WinDivert parameters:
* WINDIVERT_PARAM_VERSION_MAJOR: Driver version (major).
* WINDIVERT_PARAM_VERSION_MINOR: Driver version (minor).
- Add a new WinDivertHelperHashPacket() helper function that calculates
a 64bit hash value of a packet.
- Add new WinDivertHelperFormatIPv4Address() and
WinDivertHelperFormatIPv6Address() helper functions that format
IPv4 and IPv6 addresses respectively.
- Replace WinDivertHelperCheckFilter() with a new
WinDivertHelperCompileFilter() helper function. The latter can also be
used to compile a human-readable filter string into a more compact
"object" format. The object format can be used in place of the
human readable format for all WinDivert operations.
- Add a new WinDivertHelperFormatFilter() helper function that formats a
filter string into a normalized form. It also can be used to
"de-compile" the object format into a human readable form.
- Add a new WinDivertHelperDecrementTTL() function that decrements the
ip.TTL/ipv6.HopLimit field of a packet.
- Add new WinDivertHelperNto*()/WinDivertHelperHton*() helper functions
for swapping from network to host byte ordering, and vice versa.
- WinDivertOpen() priorities now are ascending, meaning that higher
values correspond to higher priorities.
- The last two arguments for WinDivertRecv() and WinDivertSend() have been
swapped.
WinDivert 2.0.1-rc
- Fix WFP callout install optimization bug.
- Fix WinDivertHelperNtohIpv6Address/WinDivertHelperHtonIpv6Address bug.
- Rename the following functions for consistency:
* WinDivertHelperNtohIpv6Address -> WinDivertHelperNtohIPv6Address
* WinDivertHelperHtonIpv6Address -> WinDivertHelperHtonIPv6Address
WinDivert 2.1.0
- WinDivertOpen() now supports a new flag:
* WINDIVERT_FLAG_FRAGMENTS: If set, the handle will capture inbound IP
fragments, but not inbound reassembled IP packets. Otherwise, if not
set (the default), the handle will capture inbound reassembled IP
packets, but not inbound IP fragments. This flag only affects
inbound packets at the NETWORK layer.
- Filter fields inbound/outbound are now supported at the SOCKET layer.
- Fix BSOD caused by packets with missing or incomplete transport
headers (introduced in 2.0.0).
- Fix missing Flow.EndpointId and Flow.ParentEndpointId for IPv6 flows.
WinDivert 2.2.0
- Implement new packet parser that correctly handles IP fragments.
- Add a new "fragment" filter field that matches IP fragments.
- (Un)Loading the WinDivert driver will cause a system event to be logged.
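Review bot: two wording slips in the new 2.0.0-rc entry: the addr.Reflect.ProcessId bullet reads "The ID of process that created opened the handle" (drop "created"; the addr.Flow/addr.Socket ProcessId bullets also want "of the process"), and the WINDIVERT_SHUTDOWN_RECV bullet reads "Disable the queuing new packets" (should be "the queuing of new packets"). Also the "NETWORK_FORWARD: (REFLECT layer) equal to" bullet is separated from its "WINDIVERT_LAYER_NETWORK_FORWARD." continuation, which sits under the ACCEPT bullet instead; check the line order in the file.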
+3 -3
@@ -1,6 +1,6 @@
WinDivert is dual-licensed, and is available under the GNU Lesser General
Public License (LGPL) Version 3 or the GNU General Public License (GPL)
Version 2. Copies of the LGPLv3, GPLv3 and GPLv2 are provided below.
WinDivert is dual-licensed under your choice of the GNU Lesser General Public
License (LGPL) Version 3 or the GNU General Public License (GPL) Version 2.
Copies of the LGPLv3, GPLv3 and GPLv2 are provided below.
==============================================================================
+28 -62
@@ -1,24 +1,23 @@
WinDivert 1.4: Windows Packet Divert
WinDivert 2.2: Windows Packet Divert
====================================
1. Introduction
---------------
Windows Packet Divert (WinDivert) is a user-mode packet capture-and-divert
package for Windows Vista, Windows 2008, Windows 7, Windows 8 and Windows 10.
Windows Packet Divert (WinDivert) is a user-mode packet interception library
for Windows 7, Windows 8 and Windows 10.
WinDivert allows user-mode programs to capture/modify/drop network packets
sent to/from the Windows network stack.
In summary, WinDivert can
WinDivert enables user-mode capturing/modifying/dropping of network packets
sent to/from the Windows network stack. In summary, WinDivert can:
- capture network packets
- filter/drop network packets
- sniff network packets
- (re)inject network packets
- modify network packets
WinDivert can be used to implement user-mode packet filters, packet sniffers,
firewalls, NAT, VPNs, tunneling applications, etc., etc..
WinDivert can be used to implement user-mode packet filters, sniffers,
firewalls, NATs, VPNs, IDSs, tunneling applications, etc..
The features of WinDivert include:
WinDivert supports the following features:
- packet interception, sniffing, or dropping modes
- support for loopback (localhost) traffic
- full IPv6 support
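Review bot: the supported-platform sentence drops Windows Vista and Windows 2008 (the new line lists only Windows 7, 8 and 10), but the 2.2.0 entry in the CHANGELOG hunk above does not record that change; add a bullet there so users of the removed platforms see it. Minor: the rewritten "tunneling applications, etc.." sentence keeps a doubled period.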
@@ -27,23 +26,11 @@ The features of WinDivert include:
- high-level filtering language
- filter priorities
- freely available under the terms of the GNU Lesser General Public
License (LGPL)
License (LGPLv3)
For more information about WinDivert, see doc/windivert.html
For more information see doc/windivert.html
2. Similar Packages
-------------------
WinDivert is similar to divert sockets in FreeBSD/MacOS, NETLINK sockets in
Linux, and some commercial packet capturing packages such as WinPkFilter for
Windows. The design of WinDivert is largely influenced by FreeBSD's divert
sockets.
WinDivert in packet-sniffing mode is similar to Winpcap. Unlike Winpcap,
WinDivert fully supports capturing loopback traffic. Furthermore, WinDivert
supports packet interception, which is not supported in Winpcap.
3. Architecture
2. Architecture
---------------
The basic architecture of WinDivert is as follows:
@@ -68,58 +55,37 @@ The basic architecture of WinDivert is as follows:
| |
+---------------+
The WinDivert.sys driver is inserted below the Windows network stack. The
following then happens
The WinDivert.sys driver is installed below the Windows network stack. The
following actions occur:
(1) a new packet enters the network stack and is intercepted by WinDivert.sys
(2a) if the packet matches a PROGRAM-defined filter, it is diverted. The
PROGRAM reads the packet with a call to the WinDivertRecv() function.
(2b) if the packet does not match the filter, the packet is permitted to
continue as normal.
(3) PROGRAM either drops, modifies, or re-injects the packet. If the
(modified) packet is re-injected, via a call to WinDivertSend(), it is
inserted back into the Windows network stack.
(1) A new packet enters the network stack and is intercepted by WinDivert.sys
(2a) If the packet matches the PROGRAM-defined filter, it is diverted. The
PROGRAM can then read the packet using a call to WinDivertRecv().
(2b) If the packet does not match the filter, the packet continues as normal.
(3) PROGRAM either drops, modifies, or re-injects the packet. PROGRAM can
re-inject the (modified) using a call to WinDivertSend().
4. Building
-----------
(1) In a WinDDK build environment, run the command:
wddk-build.bat
(2) [OPTIONAL Visual Studio 2012 support] In a VS2012 command prompt, run the
command:
msvc-build.bat
(3) [OPTIONAL MinGW support] In Linux with MinGW a cross-compiler, run the
command:
sh mingw-build.sh
For more detailed build instructions, see doc\windivert.html
5. License
3. License
----------
WinDivert is dual-licensed, and is available under the GNU Lesser General
Public License (LGPL) Version 3 or the GNU General Public License (GPL)
Version 2. See the LICENSE file for more information.
WinDivert is dual-licensed under your choice of the GNU Lesser General Public
License (LGPL) Version 3 or the GNU General Public License (GPL) Version 2.
See the LICENSE file for more information.
6. About
4. About
--------
WinDivert was written by basil.
For further information, or bug reports, please contact
For further information, or bug reports, please contact:
basil AT reqrypt DOT org
basil@reqrypt.org
The homepage for WinDivert is
The homepage for WinDivert is:
https://reqrypt.org/windivert.html
The source code for WinDivert is hosted by GitHub at
The source code for WinDivert is hosted by GitHub at:
https://github.com/basil00/Divert
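Review bot: step (3) of the Architecture section, "PROGRAM can re-inject the (modified) using a call to WinDivertSend()", is missing its object; suggest "re-inject the (modified) packet using a call to WinDivertSend()". Dropping the whole "4. Building" section (wddk-build.bat, msvc-build.bat, mingw-build.sh and the pointer to doc\windivert.html) leaves the README with no build instructions at all; a one-line "See doc/windivert.html for build instructions" under Introduction or License would keep it self-contained.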
+1 -1
@@ -1 +1 @@
1.4.2
2.2.0
+2 -4
@@ -1,4 +1,2 @@
DIRS= \
dll \
examples \
sys
DIRS= \
sys
-1
@@ -1 +0,0 @@
!INCLUDE $(NTMAKEENV)\makefile.def
-17
@@ -1,17 +0,0 @@
TARGETNAME=WinDivert
TARGETTYPE=DYNLINK
TARGETPATH=..\install\WDDK
TARGETLIBS=\
$(SDK_LIB_PATH)\advapi32.lib \
$(SDK_LIB_PATH)\setupapi.lib \
$(SDK_LIB_PATH)\user32.lib \
$(SDK_LIB_PATH)\kernel32.lib \
$(SDK_LIB_PATH)\ws2_32.lib
C_DEFINES=/DWIN32 /D_WINDOWS /D_USRDLL /DUSE_STDAFX /DUNICODE /D_UNICODE
DLLENTRY=WinDivertDllEntry
DLLDEF=windivert.def
USE_MSVCRT=1
INCLUDES=$(DDK_INC_PATH);$(KMDF_INC_PATH)\$(KMDF_VER_PATH);..\include
SOURCES=windivert.c
+493 -548
File diff suppressed because it is too large
+17 -2
@@ -1,17 +1,32 @@
LIBRARY WinDivert
EXPORTS
WinDivertDllEntry
WinDivertOpen
WinDivertRecv
WinDivertRecvEx
WinDivertSend
WinDivertSendEx
WinDivertShutdown
WinDivertClose
WinDivertSetParam
WinDivertGetParam
WinDivertHelperCalcChecksums
WinDivertHelperDecrementTTL
WinDivertHelperHashPacket
WinDivertHelperParsePacket
WinDivertHelperParseIPv4Address
WinDivertHelperParseIPv6Address
WinDivertHelperCheckFilter
WinDivertHelperFormatIPv4Address
WinDivertHelperFormatIPv6Address
WinDivertHelperCompileFilter
WinDivertHelperEvalFilter
WinDivertHelperFormatFilter
WinDivertHelperNtohs
WinDivertHelperHtons
WinDivertHelperNtohl
WinDivertHelperHtonl
WinDivertHelperNtohll
WinDivertHelperHtonll
WinDivertHelperNtohIPv6Address
WinDivertHelperHtonIPv6Address
WinDivertHelperNtohIpv6Address
WinDivertHelperHtonIpv6Address
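Review bot: the two removed lines rename WinDivertHelperNtohIpv6Address and WinDivertHelperHtonIpv6Address to WinDivertHelperNtohIPv6Address and WinDivertHelperHtonIPv6Address with no compatibility aliases, so any 1.4 binary importing the old names will fail to load against this DLL; that is acceptable for the 2.2.0 major bump, but the renames and the additions (WinDivertShutdown, WinDivertHelperHashPacket, WinDivertHelperCompileFilter, WinDivertHelperEvalFilter, WinDivertHelperFormatFilter, WinDivertHelperNtohll/Htonll among them) should be listed in the changelog so callers that resolve exports by name know what to update.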
+84 -61
@@ -1,61 +1,84 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|x64">
<Configuration>Debug</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
</ItemGroup>
<PropertyGroup>
<ConfigurationType>DynamicLibrary</ConfigurationType>
<TARGETNAME>WinDivert</TARGETNAME>
<Configuration>Release</Configuration>
</PropertyGroup>
<ItemDefinitionGroup>
<ClCompile>
<AdditionalIncludeDirectories>..\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<ModuleDefinitionFile>windivert.def</ModuleDefinitionFile>
</Link>
</ItemDefinitionGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props"/>
<PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<PlatformToolset>v110</PlatformToolset>
</PropertyGroup>
<PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<PlatformToolset>v110</PlatformToolset>
</PropertyGroup>
<PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<PlatformToolset>v110</PlatformToolset>
</PropertyGroup>
<PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<PlatformToolset>v110</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)'=='Debug'">
<UseDebugLibraries>True</UseDebugLibraries>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)'=='Release'">
<UseDebugLibraries>False</UseDebugLibraries>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props"/>
<ItemGroup>
<ClCompile Include="windivert.c"/>
</ItemGroup>
<ItemGroup>
<None Include="windivert.def"/>
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets"/>
</Project>
<?xml version="1.0" encoding="utf-8"?>
<!--
windivert.vcxproj
(C) 2019, all rights reserved,
This file is part of WinDivert.
WinDivert is free software: you can redistribute it and/or modify it under
the terms of the GNU Lesser General Public License as published by the
Free Software Foundation, either version 3 of the License, or (at your
option) any later version.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
License for more details.
You should have received a copy of the GNU Lesser General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
WinDivert is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your option)
any later version.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc., 51
Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-->
<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
</ItemGroup>
<ItemGroup>
<ClCompile Include="windivert.c">
<TreatWarningAsError>false</TreatWarningAsError>
<Optimization>MinSpace</Optimization>
<IntrinsicFunctions>true</IntrinsicFunctions>
<BasicRuntimeChecks>Default</BasicRuntimeChecks>
<BufferSecurityCheck>false</BufferSecurityCheck>
<AdditionalIncludeDirectories>..\include</AdditionalIncludeDirectories>
</ClCompile>
</ItemGroup>
<PropertyGroup Label="Globals">
<RootNamespace>WinDivert</RootNamespace>
<ProjectName>WinDivert</ProjectName>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props"/>
<PropertyGroup Label="Configuration">
<PlatformToolset>v140</PlatformToolset>
<UseDebugLibraries>true</UseDebugLibraries>
<ConfigurationType>DynamicLibrary</ConfigurationType>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ItemDefinitionGroup>
<ClCompile>
<WppEnabled>false</WppEnabled>
<PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">WIN32;NDEBUG;_WINDOWS;_USRDLL;DLL_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|x64'">WIN32;NDEBUG;_WINDOWS;_USRDLL;DLL_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
</ClCompile>
<Link>
<EntryPointSymbol>WinDivertDllEntry</EntryPointSymbol>
<AdditionalDependencies>%(AdditionalDependencies)</AdditionalDependencies>
<IgnoreAllDefaultLibraries>true</IgnoreAllDefaultLibraries>
<ModuleDefinitionFile>windivert.def</ModuleDefinitionFile>
<ImportLibrary>WinDivert.lib</ImportLibrary>
</Link>
</ItemDefinitionGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
</Project>
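Review bot: `<BufferSecurityCheck>false</BufferSecurityCheck>` disables the /GS stack-cookie check in a DLL that parses packet headers and filter strings on behalf of its callers. If the reason is the CRT-free link (`<IgnoreAllDefaultLibraries>true</IgnoreAllDefaultLibraries>` with the custom `WinDivertDllEntry` entry point leaves no `__security_cookie`/`__security_check_cookie` to link against), a comment saying so would stop the next reader from re-enabling it and breaking the build; otherwise it should stay at the default. `<UseDebugLibraries>true</UseDebugLibraries>` in a project that only defines Release configurations also looks unintended.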
+203
@@ -0,0 +1,203 @@
/*
* windivert_hash.c
* (C) 2019, all rights reserved,
*
* This file is part of WinDivert.
*
* WinDivert is free software: you can redistribute it and/or modify it under
* the terms of the GNU Lesser General Public License as published by the
* Free Software Foundation, either version 3 of the License, or (at your
* option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* WinDivert is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License as published by the Free
* Software Foundation; either version 2 of the License, or (at your option)
* any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc., 51
* Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
* xxHash - Fast Hash algorithm
* Copyright (C) 2012-2016, Yann Collet
*
* BSD 2-Clause License (http://www.opensource.org/licenses/bsd-license.php)
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following disclaimer
* in the documentation and/or other materials provided with the
* distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* This is a modified version of the 64bit xxHash algorithm:
* - The algorithm is seeded with packet data rather than the single 64bit
* "seed" value.
* - The input sized is fixed to 32bytes (excluding the seed), so there is
* only ever a single round. As such, the algorithm has been specialized.
*/
#define WINDIVERT_ROTL64(x, r) (((x) << (r)) | ((x) >> (64 - (r))))
static const UINT64 WINDIVERT_PRIME64_1 = 11400714785074694791ull;
static const UINT64 WINDIVERT_PRIME64_2 = 14029467366897019727ull;
static const UINT64 WINDIVERT_PRIME64_3 = 1609587929392839161ull;
static const UINT64 WINDIVERT_PRIME64_4 = 9650029242287828579ull;
static UINT64 WinDivertXXH64Round(UINT64 acc, UINT64 input)
{
acc += WINDIVERT_MUL64(input, WINDIVERT_PRIME64_2);
acc = WINDIVERT_ROTL64(acc, 31);
acc = WINDIVERT_MUL64(acc, WINDIVERT_PRIME64_1);
return acc;
}
static UINT64 WinDivertXXH64MergeRound(UINT64 acc, UINT64 val)
{
val = WinDivertXXH64Round(0, val);
acc ^= val;
acc = WINDIVERT_MUL64(acc, WINDIVERT_PRIME64_1) + WINDIVERT_PRIME64_4;
return acc;
}
static UINT64 WinDivertXXH64Avalanche(UINT64 h64)
{
h64 ^= h64 >> 33;
h64 = WINDIVERT_MUL64(h64, WINDIVERT_PRIME64_2);
h64 ^= h64 >> 29;
h64 = WINDIVERT_MUL64(h64, WINDIVERT_PRIME64_3);
h64 ^= h64 >> 32;
return h64;
}
/*
* WinDivert packet hash function.
*/
static UINT64 WinDivertHashPacket(UINT64 seed,
const WINDIVERT_IPHDR *ip_header, const WINDIVERT_IPV6HDR *ipv6_header,
const WINDIVERT_ICMPHDR *icmp_header,
const WINDIVERT_ICMPV6HDR *icmpv6_header,
const WINDIVERT_TCPHDR *tcp_header, const WINDIVERT_UDPHDR *udp_header)
{
UINT64 h64, v1, v2, v3, v4, v[4];
const UINT64 *data64;
const UINT32 *data32;
UINT i;
static const UINT64 padding64[] = // SHA2 IV
{
0x428A2F9871374491ull, 0xB5C0FBCFE9B5DBA5ull, 0x3956C25B59F111F1ull,
0x923F82A4AB1C5ED5ull, 0xD807AA9812835B01ull, 0x243185BE550C7DC3ull,
0x72BE5D7480DEB1FEull, 0x9BDC06A7C19BF174ull, 0xE49B69C1EFBE4786ull,
};
// Set-up seed & data
v1 = seed ^ padding64[0];
if (ip_header != NULL)
{
data64 = (const UINT64 *)ip_header;
v2 = data64[0] ^ padding64[1];
v3 = data64[1] ^ padding64[2];
data32 = (const UINT32 *)ip_header;
v4 = (UINT64)data32[4] ^ padding64[3];
i = 0;
}
else if (ipv6_header != NULL)
{
data64 = (const UINT64 *)ipv6_header;
v2 = data64[0] ^ padding64[1];
v3 = data64[1] ^ padding64[2];
v4 = data64[2] ^ padding64[3];
v[0] = data64[3] ^ padding64[4];
v[1] = data64[4] ^ padding64[5];
i = 2;
}
else
return 0;
if (tcp_header != NULL)
{
data64 = (const UINT64 *)tcp_header;
v[i] = data64[0] ^ padding64[i+4]; i++;
v[i] = data64[1] ^ padding64[i+4]; i++;
data32 = (const UINT32 *)tcp_header;
if (i <= 3)
{
v[i] = (UINT64)data32[4] ^ padding64[i+4]; i++;
}
else
{
v2 ^= ((UINT64)data32[4] << 32);
}
}
else
{
if (udp_header != NULL)
{
data64 = (const UINT64 *)udp_header;
v[i] = data64[0] ^ padding64[i+4]; i++;
}
else if (icmp_header != NULL)
{
data64 = (const UINT64 *)icmp_header;
v[i] = data64[0] ^ padding64[i+4]; i++;
}
else if (icmpv6_header != NULL)
{
data64 = (const UINT64 *)icmpv6_header;
v[i] = data64[0] ^ padding64[i+4]; i++;
}
}
while (i <= 3)
{
v[i] = seed ^ padding64[i+4]; i++;
}
// Hash
v1 = WinDivertXXH64Round(v[0], v1);
v2 = WinDivertXXH64Round(v[1], v2);
v3 = WinDivertXXH64Round(v[2], v3);
v4 = WinDivertXXH64Round(v[3], v4);
h64 = WINDIVERT_ROTL64(v1, 1) + WINDIVERT_ROTL64(v2, 7) +
WINDIVERT_ROTL64(v3, 12) + WINDIVERT_ROTL64(v4, 18);
h64 = WinDivertXXH64MergeRound(h64, v1);
h64 = WinDivertXXH64MergeRound(h64, v2);
h64 = WinDivertXXH64MergeRound(h64, v3);
h64 = WinDivertXXH64MergeRound(h64, v4);
h64 += 32; // "length"
h64 = WinDivertXXH64Avalanche(h64);
return h64;
}
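Review bot: the `// SHA2 IV` comment on `padding64` is misleading: the values are pairs of SHA-256 round constants (0x428A2F98, 0x71374491, ...), not initial hash values; "SHA-256 round constants used as fixed padding" would be accurate. Two more points worth stating in the header comment: `WINDIVERT_MUL64`, `UINT64` and the `WINDIVERT_*HDR` types are neither defined nor included here, so this file only compiles when #included from a translation unit that provides them; and for IPv4 the hashed words are `data64[0]`, `data64[1]` and `data32[4]`, i.e. the whole 20-byte header including Id, TTL and the checksum, so any in-flight change to those fields (a TTL decrement, a checksum recomputation) yields a different hash. If callers use the hash to recognise the same packet across layers, the covered fields should be documented.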
+3143 -1296
File diff suppressed because it is too large
+2120 -767
File diff suppressed because it is too large
-6
@@ -1,6 +0,0 @@
DIRS= \
netdump \
netfilter \
passthru \
webfilter \
streamdump
+321
@@ -0,0 +1,321 @@
/*
* flowtrack.c
* (C) 2019, all rights reserved,
*
* This file is part of WinDivert.
*
* WinDivert is free software: you can redistribute it and/or modify it under
* the terms of the GNU Lesser General Public License as published by the
* Free Software Foundation, either version 3 of the License, or (at your
* option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* WinDivert is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License as published by the Free
* Software Foundation; either version 2 of the License, or (at your option)
* any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc., 51
* Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
/*
* DESCRIPTION:
*
* usage: flowtrack.exe [filter]
*/
#include <winsock2.h>
#include <windows.h>
#include <psapi.h>
#include <shlwapi.h>
#include <stdio.h>
#include <stdlib.h>
#include "windivert.h"
#define MAX_FLOWS 256
#define INET6_ADDRSTRLEN 45
/*
* Flow tracking.
*/
typedef struct FLOW
{
WINDIVERT_ADDRESS addr;
struct FLOW *next;
} FLOW, *PFLOW;
static HANDLE lock;
static PFLOW flows = NULL;
/*
* Draw flows to console in a delayed loop.
*
* This function does minimal error checking.
*/
static DWORD draw(LPVOID arg)
{
const COORD top_left = {0, 0};
HANDLE process, console = GetStdHandle(STD_OUTPUT_HANDLE);
CONSOLE_SCREEN_BUFFER_INFO screen;
char path[MAX_PATH+1];
char addr_str[INET6_ADDRSTRLEN+1];
char *filename;
const char header[] = "PID PROGRAM PROT FLOW";
DWORD rows, columns, written, fill_len, path_len, i;
PFLOW flow;
WINDIVERT_ADDRESS addrs[MAX_FLOWS], *addr;
UINT num_addrs;
while (TRUE)
{
GetConsoleScreenBufferInfo(console, &screen);
SetConsoleCursorPosition(console, top_left);
rows = screen.srWindow.Bottom - screen.srWindow.Top + 1;
columns = screen.srWindow.Right - screen.srWindow.Left + 1;
// Copy a snapshot of the current flows:
WaitForSingleObject(lock, INFINITE);
flow = flows;
num_addrs = 0;
for (i = 0; flow != NULL && i < rows && i < MAX_FLOWS; i++)
{
memcpy(&addrs[i], &flow->addr, sizeof(addrs[i]));
num_addrs++;
flow = flow->next;
}
ReleaseMutex(lock);
// Print the flows:
SetConsoleTextAttribute(console, BACKGROUND_RED | BACKGROUND_GREEN |
BACKGROUND_BLUE);
WriteConsole(console, header, sizeof(header)-1, &written, NULL);
fill_len = columns - (sizeof(header)-1);
if (fill_len > 0)
{
COORD pos = {sizeof(header)-1, 0};
FillConsoleOutputCharacterA(console, ' ', fill_len, pos,
&written);
FillConsoleOutputAttribute(console,
BACKGROUND_RED | BACKGROUND_GREEN | BACKGROUND_BLUE,
fill_len, pos, &written);
}
putchar('\n');
SetConsoleTextAttribute(console,
FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
for (i = 0; i < num_addrs && i < rows-1; i++)
{
COORD pos = {0, i+1};
addr = &addrs[i];
FillConsoleOutputCharacterA(console, ' ', columns, pos, &written);
FillConsoleOutputAttribute(console,
FOREGROUND_GREEN | FOREGROUND_RED | FOREGROUND_BLUE,
columns, pos, &written);
SetConsoleCursorPosition(console, pos);
if (i == rows-2 && (i+1) < num_addrs)
{
fputs("...", stdout);
fflush(stdout);
continue;
}
printf("%-10d ", addr->Flow.ProcessId);
process = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE,
addr->Flow.ProcessId);
path_len = 0;
if (process != NULL)
{
path_len = GetProcessImageFileName(process, path, sizeof(path));
CloseHandle(process);
}
SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN);
if (path_len != 0)
{
filename = PathFindFileName(path);
printf("%-20.20s ", filename);
}
else if (addr->Flow.ProcessId == 4)
{
fputs("Windows ", stdout);
}
else
{
fputs("??? ", stdout);
}
SetConsoleTextAttribute(console,
FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
switch (addr->Flow.Protocol)
{
case IPPROTO_TCP:
SetConsoleTextAttribute(console, FOREGROUND_GREEN);
printf("TCP ");
break;
case IPPROTO_UDP:
SetConsoleTextAttribute(console,
FOREGROUND_RED | FOREGROUND_GREEN);
printf("UDP ");
break;
case IPPROTO_ICMP:
SetConsoleTextAttribute(console, FOREGROUND_RED);
printf("ICMP ");
break;
case IPPROTO_ICMPV6:
SetConsoleTextAttribute(console, FOREGROUND_RED);
printf("ICMPV6 ");
break;
default:
printf("%-6u ", addr->Flow.Protocol);
break;
}
SetConsoleTextAttribute(console,
FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
WinDivertHelperFormatIPv6Address(addr->Flow.LocalAddr, addr_str,
sizeof(addr_str));
printf("%s:%u %s ", addr_str, addr->Flow.LocalPort,
(addr->Outbound? "---->": "<----"));
WinDivertHelperFormatIPv6Address(addr->Flow.RemoteAddr, addr_str,
sizeof(addr_str));
printf("%s:%u", addr_str, addr->Flow.RemotePort);
fflush(stdout);
}
for (; i < rows-1; i++)
{
COORD pos = {0, i+1};
FillConsoleOutputCharacterA(console, ' ', columns, pos, &written);
FillConsoleOutputAttribute(console,
FOREGROUND_GREEN | FOREGROUND_RED | FOREGROUND_BLUE,
columns, pos, &written);
}
Sleep(1000);
}
}
/*
* Entry.
*/
int __cdecl main(int argc, char **argv)
{
HANDLE handle, thread;
INT16 priority = 776; // Arbitrary.
const char *filter = "true", *err_str;
UINT packet_len;
WINDIVERT_ADDRESS addr;
PFLOW flow, prev;
switch (argc)
{
case 1:
break;
case 2:
filter = argv[1];
break;
default:
fprintf(stderr, "usage: %s [filter]\n", argv[0]);
exit(EXIT_FAILURE);
}
// Open WinDivert FLOW handle:
handle = WinDivertOpen(filter, WINDIVERT_LAYER_FLOW, priority,
WINDIVERT_FLAG_SNIFF | WINDIVERT_FLAG_RECV_ONLY);
if (handle == INVALID_HANDLE_VALUE)
{
if (GetLastError() == ERROR_INVALID_PARAMETER &&
!WinDivertHelperCompileFilter(filter, WINDIVERT_LAYER_FLOW,
NULL, 0, &err_str, NULL))
{
fprintf(stderr, "error: invalid filter \"%s\"\n", err_str);
exit(EXIT_FAILURE);
}
fprintf(stderr, "error: failed to open the WinDivert device (%d)\n",
GetLastError());
return EXIT_FAILURE;
}
// Spawn the draw() thread.
lock = CreateMutex(NULL, FALSE, NULL);
thread = CreateThread(NULL, 1, (LPTHREAD_START_ROUTINE)draw, NULL, 0,
NULL);
if (thread == NULL)
{
fprintf(stderr, "error: failed to create thread (%d)\n",
GetLastError());
return EXIT_FAILURE;
}
CloseHandle(thread);
// Main loop:
while (TRUE)
{
if (!WinDivertRecv(handle, NULL, 0, NULL, &addr))
{
fprintf(stderr, "failed to read packet (%d)\n", GetLastError());
continue;
}
switch (addr.Event)
{
case WINDIVERT_EVENT_FLOW_ESTABLISHED:
// Flow established:
flow = (PFLOW)malloc(sizeof(FLOW));
if (flow == NULL)
{
fprintf(stderr, "error: failed to allocate memory\n");
exit(EXIT_FAILURE);
}
memcpy(&flow->addr, &addr, sizeof(flow->addr));
WaitForSingleObject(lock, INFINITE);
flow->next = flows;
flows = flow;
ReleaseMutex(lock);
break;
case WINDIVERT_EVENT_FLOW_DELETED:
// Flow deleted:
prev = NULL;
WaitForSingleObject(lock, INFINITE);
flow = flows;
while (flow != NULL)
{
if (memcmp(&addr.Flow, &flow->addr.Flow,
sizeof(addr.Flow)) == 0)
{
if (prev != NULL)
{
prev->next = flow->next;
}
else
{
flows = flow->next;
}
break;
}
prev = flow;
flow = flow->next;
}
ReleaseMutex(lock);
free(flow);
}
}
return 0;
}
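Review bot: in `draw()`, `fill_len = columns - (sizeof(header)-1)` is unsigned DWORD arithmetic, so when the console is narrower than the header the subtraction wraps and `if (fill_len > 0)` is always true, handing a huge count to FillConsoleOutputCharacterA; test `columns > sizeof(header)-1` before subtracting. `draw` is declared `static DWORD draw(LPVOID arg)` and then cast to LPTHREAD_START_ROUTINE, which on x86 silently drops the required WINAPI (__stdcall) convention; declare it `static DWORD WINAPI draw(LPVOID arg)` and drop the cast. Minor: `CreateThread(NULL, 1, ...)` requests a 1-byte stack; 0 (the default size) is the conventional value.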
+73
@@ -0,0 +1,73 @@
<?xml version="1.0" encoding="utf-8"?>
<!--
flowtrack.vcxproj
(C) 2019, all rights reserved,
This file is part of WinDivert.
WinDivert is free software: you can redistribute it and/or modify it under
the terms of the GNU Lesser General Public License as published by the
Free Software Foundation, either version 3 of the License, or (at your
option) any later version.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
License for more details.
You should have received a copy of the GNU Lesser General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
WinDivert is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your option)
any later version.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc., 51
Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-->
<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
</ItemGroup>
<ItemGroup>
<ClCompile Include="flowtrack.c">
<TreatWarningAsError>false</TreatWarningAsError>
<Optimization>MinSpace</Optimization>
<BasicRuntimeChecks>Default</BasicRuntimeChecks>
<AdditionalIncludeDirectories>..\..\include</AdditionalIncludeDirectories>
</ClCompile>
</ItemGroup>
<PropertyGroup Label="Globals">
<RootNamespace>flowtrack</RootNamespace>
<ProjectName>flowtrack</ProjectName>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props"/>
<PropertyGroup Label="Configuration">
<PlatformToolset>v140</PlatformToolset>
<ConfigurationType>Application</ConfigurationType>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ItemDefinitionGroup>
<Link>
<AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">..\..\install\MSVC\i386\WinDivert.lib;shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|x64'">..\..\install\MSVC\amd64\WinDivert.lib;shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
</Project>
-1
@@ -1 +0,0 @@
!INCLUDE $(NTMAKEENV)\makefile.def
+47 -40
@@ -1,6 +1,6 @@
/*
* netdump.c
* (C) 2018, all rights reserved,
* (C) 2019, all rights reserved,
*
* This file is part of WinDivert.
*
@@ -41,7 +41,6 @@
*
*/
#include <winsock2.h>
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
@@ -49,7 +48,11 @@
#include "windivert.h"
#define MAXBUF 0xFFFF
#define ntohs(x) WinDivertHelperNtohs(x)
#define ntohl(x) WinDivertHelperNtohl(x)
#define MAXBUF WINDIVERT_MTU_MAX
#define INET6_ADDRSTRLEN 45
/*
* Entry.
@@ -68,6 +71,9 @@ int __cdecl main(int argc, char **argv)
PWINDIVERT_ICMPV6HDR icmpv6_header;
PWINDIVERT_TCPHDR tcp_header;
PWINDIVERT_UDPHDR udp_header;
UINT32 src_addr[4], dst_addr[4];
UINT64 hash;
char src_str[INET6_ADDRSTRLEN+1], dst_str[INET6_ADDRSTRLEN+1];
const char *err_str;
LARGE_INTEGER base, freq;
double time_passed;
@@ -96,12 +102,12 @@ int __cdecl main(int argc, char **argv)
// Divert traffic matching the filter:
handle = WinDivertOpen(argv[1], WINDIVERT_LAYER_NETWORK, priority,
WINDIVERT_FLAG_SNIFF);
WINDIVERT_FLAG_SNIFF | WINDIVERT_FLAG_FRAGMENTS);
if (handle == INVALID_HANDLE_VALUE)
{
if (GetLastError() == ERROR_INVALID_PARAMETER &&
!WinDivertHelperCheckFilter(argv[1], WINDIVERT_LAYER_NETWORK,
&err_str, NULL))
!WinDivertHelperCompileFilter(argv[1], WINDIVERT_LAYER_NETWORK,
NULL, 0, &err_str, NULL))
{
fprintf(stderr, "error: invalid filter \"%s\"\n", err_str);
exit(EXIT_FAILURE);
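Review bot: adding WINDIVERT_FLAG_FRAGMENTS changes what the handle captures inbound (IP fragments rather than the reassembled packets), and for non-first fragments WinDivertHelperParsePacket yields no transport header; the later `junk packet` check only tests for a missing IP header, so such packets print an IPv4/IPv6 line with no TCP/UDP line. That is correct, but a comment next to the flag would stop readers from mistaking it for a parse failure.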
@@ -112,18 +118,27 @@ int __cdecl main(int argc, char **argv)
}
// Max-out the packet queue:
if (!WinDivertSetParam(handle, WINDIVERT_PARAM_QUEUE_LEN, 8192))
if (!WinDivertSetParam(handle, WINDIVERT_PARAM_QUEUE_LENGTH,
WINDIVERT_PARAM_QUEUE_LENGTH_MAX))
{
fprintf(stderr, "error: failed to set packet queue length (%d)\n",
GetLastError());
exit(EXIT_FAILURE);
}
if (!WinDivertSetParam(handle, WINDIVERT_PARAM_QUEUE_TIME, 2048))
if (!WinDivertSetParam(handle, WINDIVERT_PARAM_QUEUE_TIME,
WINDIVERT_PARAM_QUEUE_TIME_MAX))
{
fprintf(stderr, "error: failed to set packet queue time (%d)\n",
GetLastError());
exit(EXIT_FAILURE);
}
if (!WinDivertSetParam(handle, WINDIVERT_PARAM_QUEUE_SIZE,
WINDIVERT_PARAM_QUEUE_SIZE_MAX))
{
fprintf(stderr, "error: failed to set packet queue size (%d)\n",
GetLastError());
exit(EXIT_FAILURE);
}
// Set up timing:
QueryPerformanceFrequency(&freq);
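Review bot: setting WINDIVERT_PARAM_QUEUE_LENGTH, WINDIVERT_PARAM_QUEUE_TIME and WINDIVERT_PARAM_QUEUE_SIZE all to their *_MAX values lets the driver hold the largest permitted per-handle backlog in kernel memory; for a sniffing example that is fine, but the `// Max-out the packet queue:` comment should say it is deliberate (to avoid drops during bursts) and not a template for production tools, which should size the queue to their actual consumption rate.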
@@ -133,7 +148,7 @@ int __cdecl main(int argc, char **argv)
while (TRUE)
{
// Read a matching packet.
if (!WinDivertRecv(handle, packet, sizeof(packet), &addr, &packet_len))
if (!WinDivertRecv(handle, packet, sizeof(packet), &packet_len, &addr))
{
fprintf(stderr, "warning: failed to read packet (%d)\n",
GetLastError());
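Review bot: the WinDivertRecv parameter order changes here from (handle, packet, len, &addr, &packet_len) to (handle, packet, len, &packet_len, &addr); because the pointer types differ, stale 1.4 callers fail to compile rather than misbehave, which is the right outcome, but this is exactly the kind of signature change the 2.x migration notes should call out explicitly.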
@@ -141,9 +156,9 @@ int __cdecl main(int argc, char **argv)
}
// Print info about the matching packet.
WinDivertHelperParsePacket(packet, packet_len, &ip_header,
&ipv6_header, &icmp_header, &icmpv6_header, &tcp_header,
&udp_header, NULL, NULL);
WinDivertHelperParsePacket(packet, packet_len, &ip_header, &ipv6_header,
NULL, &icmp_header, &icmpv6_header, &tcp_header, &udp_header, NULL,
NULL, NULL, NULL);
if (ip_header == NULL && ipv6_header == NULL)
{
fprintf(stderr, "warning: junk packet\n");
@@ -154,57 +169,49 @@ int __cdecl main(int argc, char **argv)
SetConsoleTextAttribute(console, FOREGROUND_RED);
time_passed = (double)(addr.Timestamp - base.QuadPart) /
(double)freq.QuadPart;
hash = WinDivertHelperHashPacket(packet, packet_len, 0);
printf("Packet [Timestamp=%.8g, Direction=%s IfIdx=%u SubIfIdx=%u "
"Loopback=%u]\n",
time_passed, (addr.Direction == WINDIVERT_DIRECTION_OUTBOUND?
"outbound": "inbound"), addr.IfIdx, addr.SubIfIdx,
addr.Loopback);
"Loopback=%u Hash=0x%.16llX]\n",
time_passed, (addr.Outbound? "outbound": "inbound"),
addr.Network.IfIdx, addr.Network.SubIfIdx, addr.Loopback, hash);
if (ip_header != NULL)
{
UINT8 *src_addr = (UINT8 *)&ip_header->SrcAddr;
UINT8 *dst_addr = (UINT8 *)&ip_header->DstAddr;
WinDivertHelperFormatIPv4Address(ntohl(ip_header->SrcAddr),
src_str, sizeof(src_str));
WinDivertHelperFormatIPv4Address(ntohl(ip_header->DstAddr),
dst_str, sizeof(dst_str));
SetConsoleTextAttribute(console,
FOREGROUND_GREEN | FOREGROUND_RED);
printf("IPv4 [Version=%u HdrLength=%u TOS=%u Length=%u Id=0x%.4X "
"Reserved=%u DF=%u MF=%u FragOff=%u TTL=%u Protocol=%u "
"Checksum=0x%.4X SrcAddr=%u.%u.%u.%u DstAddr=%u.%u.%u.%u]\n",
"Checksum=0x%.4X SrcAddr=%s DstAddr=%s]\n",
ip_header->Version, ip_header->HdrLength,
ntohs(ip_header->TOS), ntohs(ip_header->Length),
ntohs(ip_header->Id), WINDIVERT_IPHDR_GET_RESERVED(ip_header),
WINDIVERT_IPHDR_GET_DF(ip_header),
WINDIVERT_IPHDR_GET_MF(ip_header),
ntohs(WINDIVERT_IPHDR_GET_FRAGOFF(ip_header)), ip_header->TTL,
ip_header->Protocol, ntohs(ip_header->Checksum),
src_addr[0], src_addr[1], src_addr[2], src_addr[3],
dst_addr[0], dst_addr[1], dst_addr[2], dst_addr[3]);
ip_header->Protocol, ntohs(ip_header->Checksum), src_str,
dst_str);
}
if (ipv6_header != NULL)
{
UINT16 *src_addr = (UINT16 *)&ipv6_header->SrcAddr;
UINT16 *dst_addr = (UINT16 *)&ipv6_header->DstAddr;
WinDivertHelperNtohIPv6Address(ipv6_header->SrcAddr, src_addr);
WinDivertHelperNtohIPv6Address(ipv6_header->DstAddr, dst_addr);
WinDivertHelperFormatIPv6Address(src_addr, src_str,
sizeof(src_str));
WinDivertHelperFormatIPv6Address(dst_addr, dst_str,
sizeof(dst_str));
SetConsoleTextAttribute(console,
FOREGROUND_GREEN | FOREGROUND_RED);
printf("IPv6 [Version=%u TrafficClass=%u FlowLabel=%u Length=%u "
"NextHdr=%u HopLimit=%u SrcAddr=",
"NextHdr=%u HopLimit=%u SrcAddr=%s DstAddr=%s]\n",
ipv6_header->Version,
WINDIVERT_IPV6HDR_GET_TRAFFICCLASS(ipv6_header),
ntohl(WINDIVERT_IPV6HDR_GET_FLOWLABEL(ipv6_header)),
ntohs(ipv6_header->Length), ipv6_header->NextHdr,
ipv6_header->HopLimit);
for (i = 0; i < 8; i++)
{
printf("%x%c", ntohs(src_addr[i]), (i == 7? ' ': ':'));
}
fputs("DstAddr=", stdout);
for (i = 0; i < 8; i++)
{
printf("%x", ntohs(dst_addr[i]));
if (i != 7)
{
putchar(':');
}
}
fputs("]\n", stdout);
ipv6_header->HopLimit, src_str, dst_str);
}
if (icmp_header != NULL)
{
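Review bot: the IPv6 branch now writes into src_addr/dst_addr via WinDivertHelperNtohIPv6Address (L1740-L1741) and formats them at L1742-L1745, but the only declarations of those names visible here are the UINT16 * ones being removed (L1738-L1739), and no replacement appears in this hunk. It needs the UINT32 src_addr[4], dst_addr[4] arrays that netfilter.c adds in the same commit; please confirm netdump.c gets the same declaration, otherwise this does not compile. Unrelated but cheap to fix while here: ntohs(ip_header->TOS) at L1725 byte-swaps an 8-bit IPv4 field, so the printed TOS value is shifted into the high byte; print ip_header->TOS directly.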
+73 -58
@@ -1,58 +1,73 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|x64">
<Configuration>Debug</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
</ItemGroup>
<PropertyGroup>
<ConfigurationType>Application</ConfigurationType>
<TARGETNAME>netdump</TARGETNAME>
<Configuration>Release</Configuration>
</PropertyGroup>
<ItemDefinitionGroup>
<ClCompile>
<AdditionalIncludeDirectories>..\..\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<AdditionalDependencies>ws2_32.lib;..\..\install\MSVC\WinDivert.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props"/>
<PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<PlatformToolset>v110</PlatformToolset>
</PropertyGroup>
<PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<PlatformToolset>v110</PlatformToolset>
</PropertyGroup>
<PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<PlatformToolset>v110</PlatformToolset>
</PropertyGroup>
<PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<PlatformToolset>v110</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)'=='Debug'">
<UseDebugLibraries>True</UseDebugLibraries>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)'=='Release'">
<UseDebugLibraries>False</UseDebugLibraries>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props"/>
<ItemGroup>
<ClCompile Include="netdump.c"/>
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets"/>
</Project>
<?xml version="1.0" encoding="utf-8"?>
<!--
netdump.vcxproj
(C) 2019, all rights reserved,
This file is part of WinDivert.
WinDivert is free software: you can redistribute it and/or modify it under
the terms of the GNU Lesser General Public License as published by the
Free Software Foundation, either version 3 of the License, or (at your
option) any later version.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
License for more details.
You should have received a copy of the GNU Lesser General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
WinDivert is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your option)
any later version.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc., 51
Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-->
<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
</ItemGroup>
<ItemGroup>
<ClCompile Include="netdump.c">
<TreatWarningAsError>false</TreatWarningAsError>
<Optimization>MinSpace</Optimization>
<BasicRuntimeChecks>Default</BasicRuntimeChecks>
<AdditionalIncludeDirectories>..\..\include</AdditionalIncludeDirectories>
</ClCompile>
</ItemGroup>
<PropertyGroup Label="Globals">
<RootNamespace>netdump</RootNamespace>
<ProjectName>netdump</ProjectName>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props"/>
<PropertyGroup Label="Configuration">
<PlatformToolset>v140</PlatformToolset>
<ConfigurationType>Application</ConfigurationType>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ItemDefinitionGroup>
<Link>
<AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">..\..\install\MSVC\i386\WinDivert.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|x64'">..\..\install\MSVC\amd64\WinDivert.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
</Project>
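Review bot: ws2_32.lib is dropped from the link line (old L1807 versus new L1893-L1894) and the Debug|Win32 and Debug|x64 configurations are gone, leaving Release only with MinSpace optimisation, TreatWarningAsError=false and BasicRuntimeChecks=Default. Dropping ws2_32 is only safe if every ntohs/htons/ntohl/htonl in netdump.c now goes through the WinDivertHelper* macros (the winsock versions are real exports, so a leftover call fails at link time); please confirm. Since these projects are the reference for downstream users, keep one Debug configuration and do not turn warnings-as-errors off. PlatformToolset is now pinned to v140 unconditionally, so newer Visual Studio versions will prompt to retarget on open.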
-21
@@ -1,21 +0,0 @@
!IF "$(_BUILDARCH)" == "x86"
CPU=i386
!ELSE
CPU=$(_BUILDARCH)
!ENDIF
TARGETNAME=netdump
TARGETTYPE=PROGRAM
TARGETPATH=..\..\install\WDDK
TARGETLIBS=\
$(SDK_LIB_PATH)\setupapi.lib \
$(SDK_LIB_PATH)\user32.lib \
$(SDK_LIB_PATH)\ws2_32.lib \
$(TARGETPATH)\$(CPU)\WinDivert.lib
UMTYPE=console
UMENTRY=main
USE_MSVCRT=1
INCLUDES=$(DDK_INC_PATH);$(KMDF_INC_PATH)\$(KMDF_VER_PATH);..\..\include
SOURCES=netdump.c
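Review bot: deleting the WDK build files (sources plus makefile) also removes the ..\..\install\WDDK output tree and the setupapi/user32 link dependencies that the vcxproj never carried. Make sure the documentation no longer tells users to build the examples from a WDK build environment, and that nothing in the install layout still expects install\WDDK\<cpu>\WinDivert.lib.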
-1
@@ -1 +0,0 @@
!INCLUDE $(NTMAKEENV)\makefile.def
+38 -37
@@ -1,6 +1,6 @@
/*
* netfilter.c
* (C) 2018, all rights reserved,
* (C) 2019, all rights reserved,
*
* This file is part of WinDivert.
*
@@ -47,7 +47,6 @@
* This program is similar to Linux's iptables with the "-j REJECT" target.
*/
#include <winsock2.h>
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
@@ -55,7 +54,14 @@
#include "windivert.h"
#define MAXBUF 0xFFFF
#define ntohs(x) WinDivertHelperNtohs(x)
#define ntohl(x) WinDivertHelperNtohl(x)
#define htons(x) WinDivertHelperHtons(x)
#define htonl(x) WinDivertHelperHtonl(x)
#define MAXBUF WINDIVERT_MTU_MAX
#define INET6_ADDRSTRLEN 45
#define IPPROTO_ICMPV6 58
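Review bot: INET6_ADDRSTRLEN and IPPROTO_ICMPV6 (L1949-L1950) are defined unconditionally under the same names that ws2ipdef.h/ws2def.h provide, and there IPPROTO_ICMPV6 is an enumerator, so any later #include <winsock2.h> turns into "58 = 58" and fails to compile rather than just warning. Wrap both in #ifndef guards. The byte-order macros at L1944-L1947 work only because they come after <windows.h>, which (without WIN32_LEAN_AND_MEAN) still pulls in the old winsock.h declarations of ntohs/htons now that <winsock2.h> is removed at L1937; a one-line comment noting that include-order dependency would save the next person a confusing redefinition error.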
/*
* Pre-fabricated packets.
@@ -113,6 +119,8 @@ int __cdecl main(int argc, char **argv)
PWINDIVERT_ICMPV6HDR icmpv6_header;
PWINDIVERT_TCPHDR tcp_header;
PWINDIVERT_UDPHDR udp_header;
UINT32 src_addr[4], dst_addr[4];
char src_str[INET6_ADDRSTRLEN+1], dst_str[INET6_ADDRSTRLEN+1];
UINT payload_len;
const char *err_str;
@@ -170,8 +178,8 @@ int __cdecl main(int argc, char **argv)
if (handle == INVALID_HANDLE_VALUE)
{
if (GetLastError() == ERROR_INVALID_PARAMETER &&
!WinDivertHelperCheckFilter(argv[1], WINDIVERT_LAYER_NETWORK,
&err_str, NULL))
!WinDivertHelperCompileFilter(argv[1], WINDIVERT_LAYER_NETWORK,
NULL, 0, &err_str, NULL))
{
fprintf(stderr, "error: invalid filter \"%s\"\n", err_str);
exit(EXIT_FAILURE);
@@ -185,17 +193,17 @@ int __cdecl main(int argc, char **argv)
while (TRUE)
{
// Read a matching packet.
if (!WinDivertRecv(handle, packet, sizeof(packet), &recv_addr,
&packet_len))
if (!WinDivertRecv(handle, packet, sizeof(packet), &packet_len,
&recv_addr))
{
fprintf(stderr, "warning: failed to read packet\n");
continue;
}
// Print info about the matching packet.
WinDivertHelperParsePacket(packet, packet_len, &ip_header,
&ipv6_header, &icmp_header, &icmpv6_header, &tcp_header,
&udp_header, NULL, &payload_len);
WinDivertHelperParsePacket(packet, packet_len, &ip_header, &ipv6_header,
NULL, &icmp_header, &icmpv6_header, &tcp_header, &udp_header, NULL,
&payload_len, NULL, NULL);
if (ip_header == NULL && ipv6_header == NULL)
{
continue;
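Review bot: the failure branch at L1981 prints no error code, while the matching line in netdump.c prints GetLastError(); add it here too, since the error number is the only way a user can tell a transient failure from a handle that has been shut down, and the loop retries unconditionally at L1982.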
@@ -208,28 +216,21 @@ int __cdecl main(int argc, char **argv)
FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
if (ip_header != NULL)
{
UINT8 *src_addr = (UINT8 *)&ip_header->SrcAddr;
UINT8 *dst_addr = (UINT8 *)&ip_header->DstAddr;
printf("ip.SrcAddr=%u.%u.%u.%u ip.DstAddr=%u.%u.%u.%u ",
src_addr[0], src_addr[1], src_addr[2], src_addr[3],
dst_addr[0], dst_addr[1], dst_addr[2], dst_addr[3]);
WinDivertHelperFormatIPv4Address(ntohl(ip_header->SrcAddr),
src_str, sizeof(src_str));
WinDivertHelperFormatIPv4Address(ntohl(ip_header->DstAddr),
dst_str, sizeof(dst_str));
}
if (ipv6_header != NULL)
{
UINT16 *src_addr = (UINT16 *)&ipv6_header->SrcAddr;
UINT16 *dst_addr = (UINT16 *)&ipv6_header->DstAddr;
fputs("ipv6.SrcAddr=", stdout);
for (i = 0; i < 8; i++)
{
printf("%x%c", ntohs(src_addr[i]), (i == 7? ' ': ':'));
}
fputs(" ipv6.DstAddr=", stdout);
for (i = 0; i < 8; i++)
{
printf("%x%c", ntohs(dst_addr[i]), (i == 7? ' ': ':'));
}
putchar(' ');
WinDivertHelperNtohIPv6Address(ipv6_header->SrcAddr, src_addr);
WinDivertHelperNtohIPv6Address(ipv6_header->DstAddr, dst_addr);
WinDivertHelperFormatIPv6Address(src_addr, src_str,
sizeof(src_str));
WinDivertHelperFormatIPv6Address(dst_addr, dst_str,
sizeof(dst_str));
}
printf("ip.SrcAddr=%s ip.DstAddr=%s ", src_str, dst_str);
if (icmp_header != NULL)
{
printf("icmp.Type=%u icmp.Code=%u ",
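Review bot: the single printf at L2030 labels both address families as ip.SrcAddr/ip.DstAddr, whereas the code it replaces printed ipv6.SrcAddr/ipv6.DstAddr for IPv6 (L2012, L2017). Those labels are what users paste back into a WinDivert filter, and the filter language distinguishes ip.* from ipv6.*, so keep the family-specific prefix (pick it from whichever of ip_header/ipv6_header is non-NULL).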
@@ -287,11 +288,11 @@ int __cdecl main(int argc, char **argv)
htonl(ntohl(tcp_header->SeqNum) + payload_len));
memcpy(&send_addr, &recv_addr, sizeof(send_addr));
send_addr.Direction = !recv_addr.Direction;
send_addr.Outbound = !recv_addr.Outbound;
WinDivertHelperCalcChecksums((PVOID)reset, sizeof(TCPPACKET),
&send_addr, 0);
if (!WinDivertSend(handle, (PVOID)reset, sizeof(TCPPACKET),
&send_addr, NULL))
NULL, &send_addr))
{
fprintf(stderr, "warning: failed to send TCP reset (%d)\n",
GetLastError());
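Review bot: this sequence (memcpy of recv_addr, flipping Outbound, WinDivertHelperCalcChecksums, WinDivertSend with NULL for the sent-length out-parameter) is now repeated four times with only the buffer and length changing (L2036-L2043 and the three hunks that follow); pull it into a static send_reply(handle, buf, len, &recv_addr) helper so the argument-order change made here only has to be right once. Also worth a comment: the memcpy copies the whole WINDIVERT_ADDRESS, so the reply inherits the received packet's Timestamp and interface indices, which is intended for a reply packet but not obvious.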
@@ -314,11 +315,11 @@ int __cdecl main(int argc, char **argv)
htonl(ntohl(tcp_header->SeqNum) + payload_len));
memcpy(&send_addr, &recv_addr, sizeof(send_addr));
send_addr.Direction = !recv_addr.Direction;
send_addr.Outbound = !recv_addr.Outbound;
WinDivertHelperCalcChecksums((PVOID)resetv6,
sizeof(TCPV6PACKET), &send_addr, 0);
if (!WinDivertSend(handle, (PVOID)resetv6, sizeof(TCPV6PACKET),
&send_addr, NULL))
NULL, &send_addr))
{
fprintf(stderr, "warning: failed to send TCP (IPV6) "
"reset (%d)\n", GetLastError());
@@ -340,11 +341,11 @@ int __cdecl main(int argc, char **argv)
dnr->ip.DstAddr = ip_header->SrcAddr;
memcpy(&send_addr, &recv_addr, sizeof(send_addr));
send_addr.Direction = !recv_addr.Direction;
send_addr.Outbound = !recv_addr.Outbound;
WinDivertHelperCalcChecksums((PVOID)dnr, icmp_length,
&send_addr, 0);
if (!WinDivertSend(handle, (PVOID)dnr, icmp_length, &send_addr,
NULL))
if (!WinDivertSend(handle, (PVOID)dnr, icmp_length, NULL,
&send_addr))
{
fprintf(stderr, "warning: failed to send ICMP message "
"(%d)\n", GetLastError());
@@ -363,11 +364,11 @@ int __cdecl main(int argc, char **argv)
sizeof(dnrv6->ipv6.DstAddr));
memcpy(&send_addr, &recv_addr, sizeof(send_addr));
send_addr.Direction = !recv_addr.Direction;
send_addr.Outbound = !recv_addr.Outbound;
WinDivertHelperCalcChecksums((PVOID)dnrv6, icmpv6_length,
&send_addr, 0);
if (!WinDivertSend(handle, (PVOID)dnrv6, icmpv6_length,
&send_addr, NULL))
NULL, &send_addr))
{
fprintf(stderr, "warning: failed to send ICMPv6 message "
"(%d)\n", GetLastError());
+73 -58
@@ -1,58 +1,73 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|x64">
<Configuration>Debug</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
</ItemGroup>
<PropertyGroup>
<ConfigurationType>Application</ConfigurationType>
<TARGETNAME>netfilter</TARGETNAME>
<Configuration>Release</Configuration>
</PropertyGroup>
<ItemDefinitionGroup>
<ClCompile>
<AdditionalIncludeDirectories>..\..\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<AdditionalDependencies>ws2_32.lib;..\..\install\MSVC\WinDivert.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props"/>
<PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<PlatformToolset>v110</PlatformToolset>
</PropertyGroup>
<PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<PlatformToolset>v110</PlatformToolset>
</PropertyGroup>
<PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<PlatformToolset>v110</PlatformToolset>
</PropertyGroup>
<PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<PlatformToolset>v110</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)'=='Debug'">
<UseDebugLibraries>True</UseDebugLibraries>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)'=='Release'">
<UseDebugLibraries>False</UseDebugLibraries>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props"/>
<ItemGroup>
<ClCompile Include="netfilter.c"/>
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets"/>
</Project>
<?xml version="1.0" encoding="utf-8"?>
<!--
netfilter.vcxproj
(C) 2019, all rights reserved,
This file is part of WinDivert.
WinDivert is free software: you can redistribute it and/or modify it under
the terms of the GNU Lesser General Public License as published by the
Free Software Foundation, either version 3 of the License, or (at your
option) any later version.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
License for more details.
You should have received a copy of the GNU Lesser General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
WinDivert is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your option)
any later version.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc., 51
Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-->
<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
</ItemGroup>
<ItemGroup>
<ClCompile Include="netfilter.c">
<TreatWarningAsError>false</TreatWarningAsError>
<Optimization>MinSpace</Optimization>
<BasicRuntimeChecks>Default</BasicRuntimeChecks>
<AdditionalIncludeDirectories>..\..\include</AdditionalIncludeDirectories>
</ClCompile>
</ItemGroup>
<PropertyGroup Label="Globals">
<RootNamespace>netfilter</RootNamespace>
<ProjectName>netfilter</ProjectName>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props"/>
<PropertyGroup Label="Configuration">
<PlatformToolset>v140</PlatformToolset>
<ConfigurationType>Application</ConfigurationType>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ItemDefinitionGroup>
<Link>
<AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">..\..\install\MSVC\i386\WinDivert.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|x64'">..\..\install\MSVC\amd64\WinDivert.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
</Project>
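Review bot: the Debug configurations and ws2_32.lib are removed and the toolset pinned to v140. For netfilter.c this is consistent with the <winsock2.h> removal and the WinDivertHelper* byte-order macros in the same commit, so no link failure is expected, but a Debug configuration with warnings-as-errors left on is still worth keeping for an example project.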
-21
@@ -1,21 +0,0 @@
!IF "$(_BUILDARCH)" == "x86"
CPU=i386
!ELSE
CPU=$(_BUILDARCH)
!ENDIF
TARGETNAME=netfilter
TARGETTYPE=PROGRAM
TARGETPATH=..\..\install\WDDK
TARGETLIBS=\
$(SDK_LIB_PATH)\setupapi.lib \
$(SDK_LIB_PATH)\user32.lib \
$(SDK_LIB_PATH)\ws2_32.lib \
$(TARGETPATH)\$(CPU)\WinDivert.lib
UMTYPE=console
UMENTRY=main
USE_MSVCRT=1
INCLUDES=$(DDK_INC_PATH);$(KMDF_INC_PATH)\$(KMDF_VER_PATH);..\..\include
SOURCES=netfilter.c
-1
@@ -1 +0,0 @@
!INCLUDE $(NTMAKEENV)\makefile.def
+77 -23
@@ -1,6 +1,6 @@
/*
* passthru.c
* (C) 2018, all rights reserved,
* (C) 2019, all rights reserved,
*
* This file is part of WinDivert.
*
@@ -37,7 +37,7 @@
* This program does nothing except divert packets and re-inject them. This is
* useful for performance testing.
*
* usage: netdump.exe windivert-filter num-threads
* usage: passthru.exe [windivert-filter] [num-threads] [batch-size] [priority]
*/
#include <winsock2.h>
@@ -47,7 +47,13 @@
#include "windivert.h"
#define MAXBUF 0xFFFF
#define MTU 1500
typedef struct
{
HANDLE handle;
int batch;
} CONFIG, *PCONFIG;
static DWORD passthru(LPVOID arg);
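Review bot: MTU is hardcoded to 1500 (L2258) and is later used to size the receive buffer as batch * MTU. WinDivert delivers packets up to WINDIVERT_MTU_MAX (loopback and jumbo-frame traffic exceed 1500 bytes), so a batch of large packets will not fit and WinDivertRecvEx hands back fewer packets per call than requested (the buffer is clamped to at least WINDIVERT_MTU_MAX, so one packet always fits). Harmless for a passthrough, but since the batch parameter exists for throughput measurement, either size the buffer as batch * WINDIVERT_MTU_MAX or document that the effective batch size shrinks for large packets.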
@@ -56,27 +62,53 @@ static DWORD passthru(LPVOID arg);
*/
int __cdecl main(int argc, char **argv)
{
int num_threads, priority = 0, i;
const char *filter = "true";
int threads = 1, batch = 1, priority = 0;
int i;
HANDLE handle, thread;
CONFIG config;
if (argc != 3 && argc != 4)
if (argc > 5)
{
fprintf(stderr, "usage: %s filter num-threads [priority]\n", argv[0]);
fprintf(stderr, "usage: %s [filter] [num-threads] [batch-size] "
"[priority]\n", argv[0]);
exit(EXIT_FAILURE);
}
num_threads = atoi(argv[2]);
if (num_threads < 1 || num_threads > 64)
if (argc >= 2)
{
fprintf(stderr, "error: invalid number of threads\n");
exit(EXIT_FAILURE);
filter = argv[1];
}
if (argc == 4)
if (argc >= 3)
{
priority = atoi(argv[3]);
threads = atoi(argv[2]);
if (threads < 1 || threads > 64)
{
fprintf(stderr, "error: invalid number of threads\n");
exit(EXIT_FAILURE);
}
}
if (argc >= 4)
{
batch = atoi(argv[3]);
if (batch <= 0 || batch > WINDIVERT_BATCH_MAX)
{
fprintf(stderr, "error: invalid batch size\n");
exit(EXIT_FAILURE);
}
}
if (argc >= 5)
{
priority = atoi(argv[4]);
if (priority < WINDIVERT_PRIORITY_LOWEST ||
priority > WINDIVERT_PRIORITY_HIGHEST)
{
fprintf(stderr, "error: invalid priority value\n");
exit(EXIT_FAILURE);
}
}
// Divert traffic matching the filter:
handle = WinDivertOpen(argv[1], WINDIVERT_LAYER_NETWORK, (INT16)priority,
handle = WinDivertOpen(filter, WINDIVERT_LAYER_NETWORK, (INT16)priority,
0);
if (handle == INVALID_HANDLE_VALUE)
{
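Review bot: the numeric arguments at L2295, L2304 and L2313 are parsed with atoi, which silently accepts trailing junk ("4abc" becomes 4 and passes the 1..64 check) and cannot distinguish "0" from a non-number. Use strtol with an end-pointer check so malformed input is rejected consistently. The range checks themselves (WINDIVERT_BATCH_MAX, WINDIVERT_PRIORITY_LOWEST/HIGHEST) are the right bounds.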
@@ -91,20 +123,22 @@ int __cdecl main(int argc, char **argv)
}
// Start the threads
for (i = 1; i < num_threads; i++)
config.handle = handle;
config.batch = batch;
for (i = 1; i < threads; i++)
{
thread = CreateThread(NULL, 1, (LPTHREAD_START_ROUTINE)passthru,
(LPVOID)handle, 0, NULL);
(LPVOID)&config, 0, NULL);
if (thread == NULL)
{
fprintf(stderr, "error: failed to start passthru thread (%u)\n",
fprintf(stderr, "error: failed to start passthru thread (%d)\n",
GetLastError());
exit(EXIT_FAILURE);
}
}
// Main thread:
passthru((LPVOID)handle);
passthru((LPVOID)&config);
return 0;
}
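Review bot: L2341 changes the GetLastError() format from %u to %d; GetLastError returns a DWORD, so the original %u was correct and this is a step backwards. Separately, &config (L2337, L2348) points at a stack variable in main, which is only safe because main itself runs passthru() and never returns; make config static or add a comment so a later refactor that returns from main does not hand the worker threads a dangling pointer.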
@@ -112,16 +146,35 @@ int __cdecl main(int argc, char **argv)
// Passthru thread.
static DWORD passthru(LPVOID arg)
{
unsigned char packet[MAXBUF];
UINT packet_len;
WINDIVERT_ADDRESS addr;
HANDLE handle = (HANDLE)arg;
UINT8 *packet;
UINT packet_len, recv_len, addr_len;
WINDIVERT_ADDRESS *addr;
PCONFIG config = (PCONFIG)arg;
HANDLE handle;
int batch;
handle = config->handle;
batch = config->batch;
packet_len = batch * MTU;
packet_len =
(packet_len < WINDIVERT_MTU_MAX? WINDIVERT_MTU_MAX: packet_len);
packet = (UINT8 *)malloc(packet_len);
addr = (WINDIVERT_ADDRESS *)malloc(batch * sizeof(WINDIVERT_ADDRESS));
if (packet == NULL || addr == NULL)
{
fprintf(stderr, "error: failed to allocate buffer (%d)\n",
GetLastError());
exit(EXIT_FAILURE);
}
// Main loop:
while (TRUE)
{
// Read a matching packet.
if (!WinDivertRecv(handle, packet, sizeof(packet), &addr, &packet_len))
addr_len = batch * sizeof(WINDIVERT_ADDRESS);
if (!WinDivertRecvEx(handle, packet, packet_len, &recv_len, 0,
addr, &addr_len, NULL))
{
fprintf(stderr, "warning: failed to read packet (%d)\n",
GetLastError());
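Review bot: the malloc failure path at L2374-L2375 prints GetLastError(), but malloc does not set the Win32 last-error value (it sets errno), so the number printed is whatever the previous API call left behind; print errno or drop the code. Resetting addr_len before every WinDivertRecvEx call (L2383) is correct, since the call overwrites it with the number of bytes actually filled, and that is also why the same value is the right one to pass to WinDivertSendEx below.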
@@ -129,7 +182,8 @@ static DWORD passthru(LPVOID arg)
}
// Re-inject the matching packet.
if (!WinDivertSend(handle, packet, packet_len, &addr, NULL))
if (!WinDivertSendEx(handle, packet, recv_len, NULL, 0, addr,
addr_len, NULL))
{
fprintf(stderr, "warning: failed to reinject packet (%d)\n",
GetLastError());
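Review bot: when WinDivertSendEx fails at L2393, the entire batch (recv_len bytes, addr_len / sizeof(WINDIVERT_ADDRESS) packets) is dropped with one warning, so unlike the single-packet version one bad packet now costs the rest of the batch. Acceptable for a benchmark tool, but say so in the warning text and include the batch size so the packet loss is attributable when the numbers are compared against a batch-size-1 run.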
+73 -58
@@ -1,58 +1,73 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|x64">
<Configuration>Debug</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
</ItemGroup>
<PropertyGroup>
<ConfigurationType>Application</ConfigurationType>
<TARGETNAME>passthru</TARGETNAME>
<Configuration>Release</Configuration>
</PropertyGroup>
<ItemDefinitionGroup>
<ClCompile>
<AdditionalIncludeDirectories>..\..\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<AdditionalDependencies>ws2_32.lib;..\..\install\MSVC\WinDivert.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props"/>
<PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<PlatformToolset>v110</PlatformToolset>
</PropertyGroup>
<PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<PlatformToolset>v110</PlatformToolset>
</PropertyGroup>
<PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<PlatformToolset>v110</PlatformToolset>
</PropertyGroup>
<PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<PlatformToolset>v110</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)'=='Debug'">
<UseDebugLibraries>True</UseDebugLibraries>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)'=='Release'">
<UseDebugLibraries>False</UseDebugLibraries>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props"/>
<ItemGroup>
<ClCompile Include="passthru.c"/>
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets"/>
</Project>
<?xml version="1.0" encoding="utf-8"?>
<!--
passthru.vcxproj
(C) 2019, all rights reserved,
This file is part of WinDivert.
WinDivert is free software: you can redistribute it and/or modify it under
the terms of the GNU Lesser General Public License as published by the
Free Software Foundation, either version 3 of the License, or (at your
option) any later version.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
License for more details.
You should have received a copy of the GNU Lesser General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
WinDivert is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your option)
any later version.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc., 51
Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-->
<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
</ItemGroup>
<ItemGroup>
<ClCompile Include="passthru.c">
<TreatWarningAsError>false</TreatWarningAsError>
<Optimization>MinSpace</Optimization>
<BasicRuntimeChecks>Default</BasicRuntimeChecks>
<AdditionalIncludeDirectories>..\..\include</AdditionalIncludeDirectories>
</ClCompile>
</ItemGroup>
<PropertyGroup Label="Globals">
<RootNamespace>passthru</RootNamespace>
<ProjectName>passthru</ProjectName>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props"/>
<PropertyGroup Label="Configuration">
<PlatformToolset>v140</PlatformToolset>
<ConfigurationType>Application</ConfigurationType>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ItemDefinitionGroup>
<Link>
<AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">..\..\install\MSVC\i386\WinDivert.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|x64'">..\..\install\MSVC\amd64\WinDivert.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
</Project>
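Review bot: ws2_32.lib is removed from the link line and the Debug configurations are gone, yet passthru.c still includes <winsock2.h> (L2254, unchanged context). That include alone is fine, but any surviving htons/ntohs call in passthru.c would now resolve to the winsock export and fail at link time; confirm none remain, or add the WinDivertHelper* macros as netfilter.c does.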
-21
@@ -1,21 +0,0 @@
!IF "$(_BUILDARCH)" == "x86"
CPU=i386
!ELSE
CPU=$(_BUILDARCH)
!ENDIF
TARGETNAME=passthru
TARGETTYPE=PROGRAM
TARGETPATH=..\..\install\WDDK
TARGETLIBS=\
$(SDK_LIB_PATH)\setupapi.lib \
$(SDK_LIB_PATH)\user32.lib \
$(SDK_LIB_PATH)\ws2_32.lib \
$(TARGETPATH)\$(CPU)\WinDivert.lib
UMTYPE=console
UMENTRY=main
USE_MSVCRT=1
INCLUDES=$(DDK_INC_PATH);$(KMDF_INC_PATH)\$(KMDF_VER_PATH);..\..\include
SOURCES=passthru.c
+247
@@ -0,0 +1,247 @@
/*
* socketdump.c
* (C) 2019, all rights reserved,
*
* This file is part of WinDivert.
*
* WinDivert is free software: you can redistribute it and/or modify it under
* the terms of the GNU Lesser General Public License as published by the
* Free Software Foundation, either version 3 of the License, or (at your
* option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* WinDivert is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License as published by the Free
* Software Foundation; either version 2 of the License, or (at your option)
* any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc., 51
* Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
/*
* DESCRIPTION:
*
* usage: socketdump.exe [filter]
* socketdump.exe --block [filter]
*/
#include <winsock2.h>
#include <windows.h>
#include <psapi.h>
#include <shlwapi.h>
#include <stdio.h>
#include <stdlib.h>
#include "windivert.h"
#define INET6_ADDRSTRLEN 45
/*
* Entry.
*/
int __cdecl main(int argc, char **argv)
{
HANDLE handle, process, console;
INT16 priority = 1121; // Arbitrary.
const char *filter = "true", *err_str;
char path[MAX_PATH+1];
char local_str[INET6_ADDRSTRLEN+1], remote_str[INET6_ADDRSTRLEN+1];
char *filename;
DWORD path_len;
WINDIVERT_ADDRESS addr;
BOOL block = FALSE;
switch (argc)
{
case 1:
break;
case 2:
if (strcmp(argv[1], "--block") == 0)
{
block = TRUE;
}
else
{
filter = argv[1];
}
break;
case 3:
if (strcmp(argv[1], "--block") == 0)
{
block = TRUE;
filter = argv[2];
break;
}
// Fallthrough:
default:
fprintf(stderr, "usage: %s [filter]\n", argv[0]);
fprintf(stderr, " %s --block [filter]\n", argv[0]);
exit(EXIT_FAILURE);
}
// Open WinDivert SOCKET handle:
handle = WinDivertOpen(filter, WINDIVERT_LAYER_SOCKET, priority,
(block? 0: WINDIVERT_FLAG_SNIFF) | WINDIVERT_FLAG_RECV_ONLY);
if (handle == INVALID_HANDLE_VALUE)
{
if (GetLastError() == ERROR_INVALID_PARAMETER &&
!WinDivertHelperCompileFilter(filter, WINDIVERT_LAYER_SOCKET,
NULL, 0, &err_str, NULL))
{
fprintf(stderr, "error: invalid filter \"%s\"\n", err_str);
exit(EXIT_FAILURE);
}
fprintf(stderr, "error: failed to open the WinDivert device (%d)\n",
GetLastError());
return EXIT_FAILURE;
}
// Main loop:
console = GetStdHandle(STD_OUTPUT_HANDLE);
while (TRUE)
{
if (!WinDivertRecv(handle, NULL, 0, NULL, &addr))
{
fprintf(stderr, "failed to read packet (%d)\n", GetLastError());
continue;
}
switch (addr.Event)
{
case WINDIVERT_EVENT_SOCKET_BIND:
SetConsoleTextAttribute(console, FOREGROUND_GREEN);
printf("BIND");
break;
case WINDIVERT_EVENT_SOCKET_LISTEN:
SetConsoleTextAttribute(console, FOREGROUND_GREEN);
printf("LISTEN");
break;
case WINDIVERT_EVENT_SOCKET_CONNECT:
SetConsoleTextAttribute(console, FOREGROUND_GREEN);
printf("CONNECT");
break;
case WINDIVERT_EVENT_SOCKET_ACCEPT:
SetConsoleTextAttribute(console, FOREGROUND_GREEN);
printf("ACCEPT");
break;
case WINDIVERT_EVENT_SOCKET_CLOSE:
SetConsoleTextAttribute(console, FOREGROUND_RED);
printf("CLOSE");
break;
default:
SetConsoleTextAttribute(console, FOREGROUND_BLUE);
printf("???");
break;
}
SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN |
FOREGROUND_BLUE);
printf(" pid=");
SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN);
printf("%u", addr.Socket.ProcessId);
SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN |
FOREGROUND_BLUE);
printf(" program=");
process = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE,
addr.Socket.ProcessId);
path_len = 0;
if (process != NULL)
{
path_len = GetProcessImageFileName(process, path, sizeof(path));
CloseHandle(process);
}
SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN);
if (path_len != 0)
{
filename = PathFindFileName(path);
printf("%s", filename);
}
else if (addr.Socket.ProcessId == 4)
{
printf("Windows");
}
else
{
printf("???");
}
SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN |
FOREGROUND_BLUE);
printf(" endpoint=");
SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN);
printf("%lu", addr.Socket.EndpointId);
SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN |
FOREGROUND_BLUE);
printf(" parent=");
SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN);
printf("%lu", addr.Socket.ParentEndpointId);
SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN |
FOREGROUND_BLUE);
printf(" protocol=");
SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN);
switch (addr.Socket.Protocol)
{
case IPPROTO_TCP:
printf("TCP");
break;
case IPPROTO_UDP:
printf("UDP");
break;
case IPPROTO_ICMP:
printf("ICMP");
break;
case IPPROTO_ICMPV6:
printf("ICMPV6");
break;
default:
printf("%u", addr.Socket.Protocol);
break;
}
SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN |
FOREGROUND_BLUE);
WinDivertHelperFormatIPv6Address(addr.Socket.LocalAddr, local_str,
sizeof(local_str));
if (addr.Socket.LocalPort != 0 || strcmp(local_str, "::") != 0)
{
printf(" local=");
SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN);
printf("[%s]:%u", local_str, addr.Socket.LocalPort);
SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN |
FOREGROUND_BLUE);
}
WinDivertHelperFormatIPv6Address(addr.Socket.RemoteAddr, remote_str,
sizeof(remote_str));
if (addr.Socket.RemotePort != 0 || strcmp(remote_str, "::") != 0)
{
printf(" remote=");
SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN);
printf("[%s]:%u", remote_str, addr.Socket.RemotePort);
SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN |
FOREGROUND_BLUE);
}
putchar('\n');
}
return 0;
}
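Review bot: `printf("%lu", addr.Socket.EndpointId)` and the matching `ParentEndpointId` line pass 64-bit fields to a 32-bit conversion; on x86 this misaligns the variadic arguments and on x64 it silently prints the low half, so use `%llu` (or `%I64u`) for both. Two smaller points in the same hunk: with the default filter `true`, `--block` opens the SOCKET layer without `WINDIVERT_FLAG_SNIFF`, so every bind/listen/connect/accept on the host is denied for as long as the tool runs, which the usage text should say; and a persistent `WinDivertRecv` failure spins the loop forever because the error path only `continue`s, so break out on a shutdown/`ERROR_NO_DATA` condition rather than retrying unconditionally.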
+73
@@ -0,0 +1,73 @@
<?xml version="1.0" encoding="utf-8"?>
<!--
socketdump.vcxproj
(C) 2019, all rights reserved,
This file is part of WinDivert.
WinDivert is free software: you can redistribute it and/or modify it under
the terms of the GNU Lesser General Public License as published by the
Free Software Foundation, either version 3 of the License, or (at your
option) any later version.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
License for more details.
You should have received a copy of the GNU Lesser General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
WinDivert is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your option)
any later version.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc., 51
Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-->
<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
</ItemGroup>
<ItemGroup>
<ClCompile Include="socketdump.c">
<TreatWarningAsError>false</TreatWarningAsError>
<Optimization>MinSpace</Optimization>
<BasicRuntimeChecks>Default</BasicRuntimeChecks>
<AdditionalIncludeDirectories>..\..\include</AdditionalIncludeDirectories>
</ClCompile>
</ItemGroup>
<PropertyGroup Label="Globals">
<RootNamespace>socketdump</RootNamespace>
<ProjectName>socketdump</ProjectName>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props"/>
<PropertyGroup Label="Configuration">
<PlatformToolset>v140</PlatformToolset>
<ConfigurationType>Application</ConfigurationType>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ItemDefinitionGroup>
<Link>
<AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">..\..\install\MSVC\i386\WinDivert.lib;shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|x64'">..\..\install\MSVC\amd64\WinDivert.lib;shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
</Project>
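Review bot: the link line adds shlwapi.lib for `PathFindFileName` but not psapi.lib for `GetProcessImageFileName`; with the SDK's default `PSAPI_VERSION` 2 (NTDDI_VERSION >= Win7) that call resolves to the kernel32 `K32GetProcessImageFileName` export and links, but a build that targets an older `NTDDI_VERSION` or sets `PSAPI_VERSION` 1 fails at link time, so either add psapi.lib to `AdditionalDependencies` or define `PSAPI_VERSION=2` in the project.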
-1
@@ -1 +0,0 @@
!INCLUDE $(NTMAKEENV)\makefile.def
-21
@@ -1,21 +0,0 @@
!IF "$(_BUILDARCH)" == "x86"
CPU=i386
!ELSE
CPU=$(_BUILDARCH)
!ENDIF
TARGETNAME=streamdump
TARGETTYPE=PROGRAM
TARGETPATH=..\..\install\WDDK
TARGETLIBS=\
$(SDK_LIB_PATH)\setupapi.lib \
$(SDK_LIB_PATH)\user32.lib \
$(SDK_LIB_PATH)\ws2_32.lib \
$(TARGETPATH)\$(CPU)\WinDivert.lib
UMTYPE=console
UMENTRY=main
USE_MSVCRT=1
INCLUDES=$(DDK_INC_PATH);$(KMDF_INC_PATH)\$(KMDF_VER_PATH);..\..\include
SOURCES=streamdump.c
+42 -111
@@ -1,6 +1,6 @@
/*
* streamdump.c
* (C) 2018, all rights reserved,
* (C) 2019, all rights reserved,
*
* This file is part of WinDivert.
*
@@ -40,8 +40,6 @@
* The program works by "reflecting" outbound TCP connections into inbound
* TCP connections that are handled by a simple proxy server.
*
* This program also demonstrates WinDivert asynchronous I/O.
*
* usage: streamdump.exe port
*/
@@ -53,7 +51,7 @@
#include "windivert.h"
#define MAXBUF 0xFFFF
#define MAXBUF WINDIVERT_MTU_MAX
#define PROXY_PORT 34010
#define ALT_PORT 43010
#define MAX_LINE 65
@@ -114,24 +112,6 @@ static void message(const char *msg, ...)
#define warning(msg, ...) \
message("warning: " msg, ## __VA_ARGS__)
/*
* Cleanup completed I/O requests.
*/
static void cleanup(HANDLE ioport, OVERLAPPED *ignore)
{
OVERLAPPED *overlapped;
DWORD iolen;
ULONG_PTR iokey = 0;
while (GetQueuedCompletionStatus(ioport, &iolen, &iokey, &overlapped, 0))
{
if (overlapped != ignore)
{
free(overlapped);
}
}
}
/*
* Entry.
*/
@@ -148,9 +128,6 @@ int __cdecl main(int argc, char **argv)
WINDIVERT_ADDRESS addr;
PWINDIVERT_IPHDR ip_header;
PWINDIVERT_TCPHDR tcp_header;
OVERLAPPED *poverlapped;
OVERLAPPED overlapped;
HANDLE ioport, event;
DWORD len;
// Init.
@@ -174,19 +151,9 @@ int __cdecl main(int argc, char **argv)
GetLastError());
exit(EXIT_FAILURE);
}
ioport = CreateIoCompletionPort(INVALID_HANDLE_VALUE, NULL, 0, 0);
if (ioport == NULL)
{
error("failed to create I/O completion port (%d)", GetLastError());
}
event = CreateEvent(NULL, FALSE, FALSE, NULL);
if (event == NULL)
{
error("failed to create event (%d)", GetLastError());
}
// Divert all traffic to/from `port', `proxy_port' and `alt_port'.
r = sprintf_s(filter, sizeof(filter),
r = snprintf(filter, sizeof(filter),
"tcp and "
"(tcp.DstPort == %d or tcp.DstPort == %d or tcp.DstPort == %d or "
"tcp.SrcPort == %d or tcp.SrcPort == %d or tcp.SrcPort == %d)",
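Review bot: replacing `sprintf_s` with `snprintf` changes the failure convention on the `r = snprintf(filter, sizeof(filter), ...)` line: `sprintf_s` returns -1 on truncation, whereas `snprintf` returns the length the full string would have needed, so make sure the check on `r` that follows treats `r >= sizeof(filter)` as an error and not only `r < 0`, otherwise an over-long port list silently produces a truncated and therefore different filter.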
@@ -200,10 +167,6 @@ int __cdecl main(int argc, char **argv)
{
error("failed to open the WinDivert device (%d)", GetLastError());
}
if (CreateIoCompletionPort(handle, ioport, 0, 0) == NULL)
{
error("failed to associate I/O completion port (%d)", GetLastError());
}
// Spawn proxy thread,
config = (PPROXY_CONFIG)malloc(sizeof(PROXY_CONFIG));
@@ -224,89 +187,57 @@ int __cdecl main(int argc, char **argv)
// Main loop:
while (TRUE)
{
memset(&overlapped, 0, sizeof(overlapped));
ResetEvent(event);
overlapped.hEvent = event;
if (!WinDivertRecvEx(handle, packet, sizeof(packet), 0, &addr,
&packet_len, &overlapped))
if (!WinDivertRecv(handle, packet, sizeof(packet), &packet_len, &addr))
{
if (GetLastError() != ERROR_IO_PENDING)
{
read_failed:
warning("failed to read packet (%d)", GetLastError());
continue;
}
// Timeout = 1s
while (WaitForSingleObject(event, 1000) == WAIT_TIMEOUT)
{
cleanup(ioport, &overlapped);
}
if (!GetOverlappedResult(handle, &overlapped, &len, FALSE))
{
goto read_failed;
}
packet_len = len;
warning("failed to read packet (%d)", GetLastError());
continue;
}
cleanup(ioport, &overlapped);
if (!WinDivertHelperParsePacket(packet, packet_len, &ip_header, NULL,
NULL, NULL, &tcp_header, NULL, NULL, NULL))
WinDivertHelperParsePacket(packet, packet_len, &ip_header, NULL, NULL,
NULL, NULL, &tcp_header, NULL, NULL, NULL, NULL, NULL);
if (ip_header == NULL || tcp_header == NULL)
{
warning("failed to parse packet (%d)", GetLastError());
continue;
}
switch (addr.Direction)
if (addr.Outbound)
{
case WINDIVERT_DIRECTION_OUTBOUND:
if (tcp_header->DstPort == htons(port))
{
// Reflect: PORT ---> PROXY
UINT32 dst_addr = ip_header->DstAddr;
tcp_header->DstPort = htons(proxy_port);
ip_header->DstAddr = ip_header->SrcAddr;
ip_header->SrcAddr = dst_addr;
addr.Direction = WINDIVERT_DIRECTION_INBOUND;
}
else if (tcp_header->SrcPort == htons(proxy_port))
{
// Reflect: PROXY ---> PORT
UINT32 dst_addr = ip_header->DstAddr;
tcp_header->SrcPort = htons(port);
ip_header->DstAddr = ip_header->SrcAddr;
ip_header->SrcAddr = dst_addr;
addr.Direction = WINDIVERT_DIRECTION_INBOUND;
}
else if (tcp_header->DstPort == htons(alt_port))
{
// Redirect: ALT ---> PORT
tcp_header->DstPort = htons(port);
}
break;
case WINDIVERT_DIRECTION_INBOUND:
if (tcp_header->SrcPort == htons(port))
{
// Redirect: PORT ---> ALT
tcp_header->SrcPort = htons(alt_port);
}
break;
if (tcp_header->DstPort == htons(port))
{
// Reflect: PORT ---> PROXY
UINT32 dst_addr = ip_header->DstAddr;
tcp_header->DstPort = htons(proxy_port);
ip_header->DstAddr = ip_header->SrcAddr;
ip_header->SrcAddr = dst_addr;
addr.Outbound = FALSE;
}
else if (tcp_header->SrcPort == htons(proxy_port))
{
// Reflect: PROXY ---> PORT
UINT32 dst_addr = ip_header->DstAddr;
tcp_header->SrcPort = htons(port);
ip_header->DstAddr = ip_header->SrcAddr;
ip_header->SrcAddr = dst_addr;
addr.Outbound = FALSE;
}
else if (tcp_header->DstPort == htons(alt_port))
{
// Redirect: ALT ---> PORT
tcp_header->DstPort = htons(port);
}
}
else
{
if (tcp_header->SrcPort == htons(port))
{
// Redirect: PORT ---> ALT
tcp_header->SrcPort = htons(alt_port);
}
}
WinDivertHelperCalcChecksums(packet, packet_len, &addr, 0);
poverlapped = (OVERLAPPED *)malloc(sizeof(OVERLAPPED));
if (poverlapped == NULL)
{
error("failed to allocate memory");
}
memset(poverlapped, 0, sizeof(OVERLAPPED));
if (WinDivertSendEx(handle, packet, packet_len, 0, &addr, NULL,
poverlapped))
{
continue;
}
if (GetLastError() != ERROR_IO_PENDING)
if (!WinDivertSend(handle, packet, packet_len, NULL, &addr))
{
warning("failed to send packet (%d)", GetLastError());
continue;
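Review bot: the new `ip_header == NULL || tcp_header == NULL` test drops every matching packet that is not IPv4, and the filter built above (`tcp and ...`) also matches IPv6 TCP segments; because this handle diverts rather than sniffs (packets are modified and reinjected), those segments are consumed and never reinjected, and the warning prints a stale `GetLastError()` since `WinDivertHelperParsePacket` itself succeeded. Prefix the filter with `ip and`, or reinject packets with `ip_header == NULL` unmodified before this check.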
+73 -58
@@ -1,58 +1,73 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|x64">
<Configuration>Debug</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
</ItemGroup>
<PropertyGroup>
<ConfigurationType>Application</ConfigurationType>
<TARGETNAME>streamdump</TARGETNAME>
<Configuration>Release</Configuration>
</PropertyGroup>
<ItemDefinitionGroup>
<ClCompile>
<AdditionalIncludeDirectories>..\..\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<AdditionalDependencies>ws2_32.lib;..\..\install\MSVC\WinDivert.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props"/>
<PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<PlatformToolset>v110</PlatformToolset>
</PropertyGroup>
<PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<PlatformToolset>v110</PlatformToolset>
</PropertyGroup>
<PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<PlatformToolset>v110</PlatformToolset>
</PropertyGroup>
<PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<PlatformToolset>v110</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)'=='Debug'">
<UseDebugLibraries>True</UseDebugLibraries>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)'=='Release'">
<UseDebugLibraries>False</UseDebugLibraries>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props"/>
<ItemGroup>
<ClCompile Include="streamdump.c"/>
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets"/>
</Project>
<?xml version="1.0" encoding="utf-8"?>
<!--
streamdump.vcxproj
(C) 2019, all rights reserved,
This file is part of WinDivert.
WinDivert is free software: you can redistribute it and/or modify it under
the terms of the GNU Lesser General Public License as published by the
Free Software Foundation, either version 3 of the License, or (at your
option) any later version.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
License for more details.
You should have received a copy of the GNU Lesser General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
WinDivert is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your option)
any later version.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc., 51
Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-->
<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
</ItemGroup>
<ItemGroup>
<ClCompile Include="streamdump.c">
<TreatWarningAsError>false</TreatWarningAsError>
<Optimization>MinSpace</Optimization>
<BasicRuntimeChecks>Default</BasicRuntimeChecks>
<AdditionalIncludeDirectories>..\..\include</AdditionalIncludeDirectories>
</ClCompile>
</ItemGroup>
<PropertyGroup Label="Globals">
<RootNamespace>streamdump</RootNamespace>
<ProjectName>streamdump</ProjectName>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props"/>
<PropertyGroup Label="Configuration">
<PlatformToolset>v140</PlatformToolset>
<ConfigurationType>Application</ConfigurationType>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ItemDefinitionGroup>
<Link>
<AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">..\..\install\MSVC\i386\WinDivert.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|x64'">..\..\install\MSVC\amd64\WinDivert.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
</Project>
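Review bot: both Debug configurations are removed and the single remaining Release configuration compiles with `MinSpace` optimisation and `BasicRuntimeChecks` set to `Default`, so a sample that rewrites IP and TCP header fields in place no longer has a build with runtime checks and symbols for debugging; keep a Debug|x64 configuration alongside, or state in the project comment that the samples are release-only.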
-1
@@ -1 +0,0 @@
!INCLUDE $(NTMAKEENV)\makefile.def
-21
@@ -1,21 +0,0 @@
!IF "$(_BUILDARCH)" == "x86"
CPU=i386
!ELSE
CPU=$(_BUILDARCH)
!ENDIF
TARGETNAME=webfilter
TARGETTYPE=PROGRAM
TARGETPATH=..\..\install\WDDK
TARGETLIBS=\
$(SDK_LIB_PATH)\setupapi.lib \
$(SDK_LIB_PATH)\user32.lib \
$(SDK_LIB_PATH)\ws2_32.lib \
$(TARGETPATH)\$(CPU)\WinDivert.lib
UMTYPE=console
UMENTRY=main
USE_MSVCRT=1
INCLUDES=$(DDK_INC_PATH);$(KMDF_INC_PATH)\$(KMDF_VER_PATH);..\..\include
SOURCES=webfilter.c
+19 -13
@@ -1,6 +1,6 @@
/*
* webfilter.c
* (C) 2018, all rights reserved,
* (C) 2019, all rights reserved,
*
* This file is part of WinDivert.
*
@@ -42,15 +42,19 @@
* blockpage to the browser.
*/
#include <winsock2.h>
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include "windivert.h"
#define MAXBUF 0xFFFF
#define MAXURL 4096
#define ntohs(x) WinDivertHelperNtohs(x)
#define ntohl(x) WinDivertHelperNtohl(x)
#define htons(x) WinDivertHelperHtons(x)
#define htonl(x) WinDivertHelperHtonl(x)
#define MAXBUF WINDIVERT_MTU_MAX
#define MAXURL 4096
/*
* URL and blacklist representation.
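Review bot: the four `ntohs`/`ntohl`/`htons`/`htonl` macros redefine names that winsock2.h, included a few lines above, declares as ws2_32 functions; redirecting them to the `WinDivertHelper*` byte-order helpers is what lets the project drop ws2_32.lib, but that intent is not stated anywhere, so add a one-line comment saying so and keep the macros after the last system include so no later header sees the redefinitions.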
@@ -193,19 +197,21 @@ int __cdecl main(int argc, char **argv)
// Main loop:
while (TRUE)
{
if (!WinDivertRecv(handle, packet, sizeof(packet), &addr, &packet_len))
if (!WinDivertRecv(handle, packet, sizeof(packet), &packet_len, &addr))
{
fprintf(stderr, "warning: failed to read packet (%d)\n",
GetLastError());
continue;
}
if (!WinDivertHelperParsePacket(packet, packet_len, &ip_header, NULL,
NULL, NULL, &tcp_header, NULL, &payload, &payload_len) ||
WinDivertHelperParsePacket(packet, packet_len, &ip_header, NULL,
NULL, NULL, NULL, &tcp_header, NULL, &payload, &payload_len,
NULL, NULL);
if (ip_header == NULL || tcp_header == NULL || payload == NULL ||
!BlackListPayloadMatch(blacklist, payload, (UINT16)payload_len))
{
// Packet does not match the blacklist; simply reinject it.
if (!WinDivertSend(handle, packet, packet_len, &addr, NULL))
if (!WinDivertSend(handle, packet, packet_len, NULL, &addr))
{
fprintf(stderr, "warning: failed to reinject packet (%d)\n",
GetLastError());
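Review bot: the new `ip_header == NULL || tcp_header == NULL || payload == NULL` condition treats any packet without an IPv4 header the same as a non-matching one and reinjects it untouched, so TCP traffic that matches the WinDivert filter but is carried over IPv6 is never compared against the blacklist; either constrain the filter with `ip` so the gap is explicit, or build the reset and blockpage packets for IPv6 as well. The return value of `WinDivertHelperParsePacket` is also discarded here, which is acceptable only because the NULL checks cover the parse-failure case.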
@@ -225,7 +231,7 @@ int __cdecl main(int argc, char **argv)
reset->tcp.SeqNum = tcp_header->SeqNum;
reset->tcp.AckNum = tcp_header->AckNum;
WinDivertHelperCalcChecksums((PVOID)reset, sizeof(PACKET), &addr, 0);
if (!WinDivertSend(handle, (PVOID)reset, sizeof(PACKET), &addr, NULL))
if (!WinDivertSend(handle, (PVOID)reset, sizeof(PACKET), NULL, &addr))
{
fprintf(stderr, "warning: failed to send reset packet (%d)\n",
GetLastError());
@@ -238,10 +244,10 @@ int __cdecl main(int argc, char **argv)
blockpage->header.tcp.SeqNum = tcp_header->AckNum;
blockpage->header.tcp.AckNum =
htonl(ntohl(tcp_header->SeqNum) + payload_len);
addr.Direction = !addr.Direction; // Reverse direction.
addr.Outbound = !addr.Outbound; // Reverse direction.
WinDivertHelperCalcChecksums((PVOID)blockpage, blockpage_len, &addr, 0);
if (!WinDivertSend(handle, (PVOID)blockpage, blockpage_len, &addr,
NULL))
if (!WinDivertSend(handle, (PVOID)blockpage, blockpage_len, NULL,
&addr))
{
fprintf(stderr, "warning: failed to send block page packet (%d)\n",
GetLastError());
@@ -258,7 +264,7 @@ int __cdecl main(int argc, char **argv)
finish->tcp.AckNum =
htonl(ntohl(tcp_header->SeqNum) + payload_len);
WinDivertHelperCalcChecksums((PVOID)finish, sizeof(PACKET), &addr, 0);
if (!WinDivertSend(handle, (PVOID)finish, sizeof(PACKET), &addr, NULL))
if (!WinDivertSend(handle, (PVOID)finish, sizeof(PACKET), NULL, &addr))
{
fprintf(stderr, "warning: failed to send finish packet (%d)\n",
GetLastError());
+73 -58
@@ -1,58 +1,73 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|x64">
<Configuration>Debug</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
</ItemGroup>
<PropertyGroup>
<ConfigurationType>Application</ConfigurationType>
<TARGETNAME>webfilter</TARGETNAME>
<Configuration>Release</Configuration>
</PropertyGroup>
<ItemDefinitionGroup>
<ClCompile>
<AdditionalIncludeDirectories>..\..\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<AdditionalDependencies>ws2_32.lib;..\..\install\MSVC\WinDivert.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props"/>
<PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<PlatformToolset>v110</PlatformToolset>
</PropertyGroup>
<PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<PlatformToolset>v110</PlatformToolset>
</PropertyGroup>
<PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<PlatformToolset>v110</PlatformToolset>
</PropertyGroup>
<PropertyGroup Label="Configuration" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<PlatformToolset>v110</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)'=='Debug'">
<UseDebugLibraries>True</UseDebugLibraries>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)'=='Release'">
<UseDebugLibraries>False</UseDebugLibraries>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props"/>
<ItemGroup>
<ClCompile Include="webfilter.c"/>
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets"/>
</Project>
<?xml version="1.0" encoding="utf-8"?>
<!--
webfilter.vcxproj
(C) 2019, all rights reserved,
This file is part of WinDivert.
WinDivert is free software: you can redistribute it and/or modify it under
the terms of the GNU Lesser General Public License as published by the
Free Software Foundation, either version 3 of the License, or (at your
option) any later version.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
License for more details.
You should have received a copy of the GNU Lesser General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
WinDivert is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your option)
any later version.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc., 51
Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-->
<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
</ItemGroup>
<ItemGroup>
<ClCompile Include="webfilter.c">
<TreatWarningAsError>false</TreatWarningAsError>
<Optimization>MinSpace</Optimization>
<BasicRuntimeChecks>Default</BasicRuntimeChecks>
<AdditionalIncludeDirectories>..\..\include</AdditionalIncludeDirectories>
</ClCompile>
</ItemGroup>
<PropertyGroup Label="Globals">
<RootNamespace>webfilter</RootNamespace>
<ProjectName>webfilter</ProjectName>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props"/>
<PropertyGroup Label="Configuration">
<PlatformToolset>v140</PlatformToolset>
<ConfigurationType>Application</ConfigurationType>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ItemDefinitionGroup>
<Link>
<AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">..\..\install\MSVC\i386\WinDivert.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|x64'">..\..\install\MSVC\amd64\WinDivert.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
</Project>
+392
@@ -0,0 +1,392 @@
/*
* windivertctl.c
* (C) 2019, all rights reserved,
*
* This file is part of WinDivert.
*
* WinDivert is free software: you can redistribute it and/or modify it under
* the terms of the GNU Lesser General Public License as published by the
* Free Software Foundation, either version 3 of the License, or (at your
* option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* WinDivert is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License as published by the Free
* Software Foundation; either version 2 of the License, or (at your option)
* any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc., 51
* Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
/*
* DESCRIPTION:
*
* usage: windivertctl.exe list
*/
#include <winsock2.h>
#include <windows.h>
#include <psapi.h>
#include <shlwapi.h>
#include <stdio.h>
#include <stdlib.h>
#include "windivert.h"
#define MAX_PACKET 0xFFFF
#define MAX_FILTER_LEN 30000
/*
* Modes.
*/
typedef enum
{
LIST,
WATCH,
KILL,
UNINSTALL
} MODE;
/*
* Entry.
*/
int __cdecl main(int argc, char **argv)
{
HANDLE handle, process, console, mutex;
INT16 priority = -333; // Arbitrary.
UINT packet_len;
static UINT8 packet[MAX_PACKET];
static char path[MAX_PATH+1];
static char filter_str[MAX_FILTER_LEN];
DWORD path_len;
BOOL or;
WINDIVERT_ADDRESS addr;
ULONGLONG freq, start_count;
LARGE_INTEGER li;
MODE mode;
SC_HANDLE manager = NULL, service = NULL;
SERVICE_STATUS status;
const char *filter = "true";
const char *err_str = NULL;
if (argc != 2 && argc != 3)
{
usage:
fprintf(stderr, "usage: %s (list|watch|kill) [filter]\n", argv[0]);
fprintf(stderr, " %s uninstall\n", argv[0]);
exit(EXIT_FAILURE);
}
if (strcmp(argv[1], "list") == 0)
{
mode = LIST;
}
else if (strcmp(argv[1], "watch") == 0)
{
mode = WATCH;
}
else if (strcmp(argv[1], "kill") == 0)
{
mode = KILL;
}
else if (strcmp(argv[1], "uninstall") == 0)
{
if (argc != 2)
{
goto usage;
}
mode = UNINSTALL;
}
else
{
goto usage;
}
if (argc == 3)
{
filter = argv[2];
}
// Time management
QueryPerformanceFrequency(&li);
freq = li.QuadPart;
QueryPerformanceCounter(&li);
start_count = li.QuadPart;
// Open WinDivert REFLECT handle:
handle = WinDivertOpen(filter, WINDIVERT_LAYER_REFLECT, priority,
WINDIVERT_FLAG_SNIFF | WINDIVERT_FLAG_RECV_ONLY |
(mode == WATCH? 0: WINDIVERT_FLAG_NO_INSTALL));
if (handle == INVALID_HANDLE_VALUE)
{
if (mode != WATCH && GetLastError() == ERROR_SERVICE_DOES_NOT_EXIST)
{
// WinDivert driver is not running, so no open handles.
return 0;
}
if (GetLastError() == ERROR_INVALID_PARAMETER &&
!WinDivertHelperCompileFilter(filter, WINDIVERT_LAYER_REFLECT,
NULL, 0, &err_str, NULL))
{
fprintf(stderr, "error: invalid filter \"%s\"\n", err_str);
exit(EXIT_FAILURE);
}
fprintf(stderr, "error: failed to open the WinDivert device (%d)\n",
GetLastError());
return EXIT_FAILURE;
}
if (mode != WATCH && !WinDivertShutdown(handle, WINDIVERT_SHUTDOWN_BOTH))
{
fprintf(stderr, "error: failed to shutdown WinDivert handle (%d)\n",
GetLastError());
return EXIT_FAILURE;
}
if (!WinDivertSetParam(handle, WINDIVERT_PARAM_QUEUE_LENGTH,
WINDIVERT_PARAM_QUEUE_LENGTH_MAX) ||
!WinDivertSetParam(handle, WINDIVERT_PARAM_QUEUE_SIZE,
WINDIVERT_PARAM_QUEUE_SIZE_MAX) ||
!WinDivertSetParam(handle, WINDIVERT_PARAM_QUEUE_TIME,
WINDIVERT_PARAM_QUEUE_TIME_MAX))
{
fprintf(stderr, "error: failed to set WinDivert handle params (%d)\n",
GetLastError());
return EXIT_FAILURE;
}
// Main loop:
console = GetStdHandle(STD_OUTPUT_HANDLE);
while (TRUE)
{
if (!WinDivertRecv(handle, packet, sizeof(packet), &packet_len, &addr))
{
if (mode != WATCH && GetLastError() == ERROR_NO_DATA)
{
break;
}
fprintf(stderr, "failed to receive event (%d)\n", GetLastError());
continue;
}
switch (addr.Event)
{
case WINDIVERT_EVENT_REFLECT_OPEN:
// Open handle:
if (mode == KILL || mode == UNINSTALL)
{
SetConsoleTextAttribute(console, FOREGROUND_RED);
fputs("KILL", stdout);
}
else
{
SetConsoleTextAttribute(console, FOREGROUND_GREEN);
fputs("OPEN", stdout);
}
break;
case WINDIVERT_EVENT_REFLECT_CLOSE:
// Close handle:
if (mode != WATCH)
{
continue;
}
SetConsoleTextAttribute(console, FOREGROUND_RED);
fputs("CLOSE", stdout);
break;
default:
fputs("???", stdout);
break;
}
process = OpenProcess(
PROCESS_QUERY_LIMITED_INFORMATION | PROCESS_TERMINATE,
FALSE, addr.Reflect.ProcessId);
SetConsoleTextAttribute(console,
FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
fputs(" time=", stdout);
SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN);
printf("%.3fs", (double)(addr.Reflect.Timestamp - (INT64)start_count) /
(double)freq);
SetConsoleTextAttribute(console,
FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
fputs(" pid=", stdout);
SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN);
printf("%u", addr.Reflect.ProcessId);
SetConsoleTextAttribute(console,
FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
fputs(" exe=", stdout);
path_len = 0;
if (process != NULL)
{
path_len = GetProcessImageFileName(process, path, sizeof(path));
if (mode == KILL || mode == UNINSTALL)
{
TerminateProcess(process, 0);
}
CloseHandle(process);
}
SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN);
printf("%s", (path_len != 0? path: "???"));
SetConsoleTextAttribute(console,
FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
fputs(" layer=", stdout);
SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN);
switch (addr.Reflect.Layer)
{
case WINDIVERT_LAYER_NETWORK:
fputs("NETWORK", stdout);
break;
case WINDIVERT_LAYER_NETWORK_FORWARD:
fputs("NETWORK_FORWARD", stdout);
break;
case WINDIVERT_LAYER_FLOW:
fputs("FLOW", stdout);
break;
case WINDIVERT_LAYER_SOCKET:
fputs("SOCKET", stdout);
break;
case WINDIVERT_LAYER_REFLECT:
fputs("REFLECT", stdout);
break;
default:
fputs("???", stdout);
break;
}
SetConsoleTextAttribute(console,
FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
fputs(" flags=", stdout);
SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN);
if (addr.Reflect.Flags == 0)
{
fputs("0", stdout);
}
else
{
or = FALSE;
if ((addr.Reflect.Flags & WINDIVERT_FLAG_SNIFF) != 0)
{
fputs("SNIFF", stdout);
or = TRUE;
}
if ((addr.Reflect.Flags & WINDIVERT_FLAG_DROP) != 0)
{
printf("%sDROP", (or? "|": ""));
or = TRUE;
}
if ((addr.Reflect.Flags & WINDIVERT_FLAG_RECV_ONLY) != 0)
{
printf("%sRECV_ONLY", (or? "|": ""));
or = TRUE;
}
if ((addr.Reflect.Flags & WINDIVERT_FLAG_SEND_ONLY) != 0)
{
printf("%sSEND_ONLY", (or? "|": ""));
or = TRUE;
}
if ((addr.Reflect.Flags & WINDIVERT_FLAG_NO_INSTALL) != 0)
{
printf("%sNO_INSTALL", (or? "|": ""));
or = TRUE;
}
}
SetConsoleTextAttribute(console,
FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
fputs(" priority=", stdout);
SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN);
printf("%d", addr.Reflect.Priority);
SetConsoleTextAttribute(console,
FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
fputs(" filter=", stdout);
SetConsoleTextAttribute(console, FOREGROUND_RED | FOREGROUND_GREEN);
if (WinDivertHelperFormatFilter((char *)packet, addr.Reflect.Layer,
filter_str, sizeof(filter_str)))
{
printf("\"%s\"", filter_str);
}
else
{
printf("\"%s\"", (char *)packet);
}
SetConsoleTextAttribute(console,
FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
putchar('\n');
}
if (!WinDivertClose(handle))
{
fprintf(stderr, "error: failed to close WinDivert handle (%d)\n",
GetLastError());
return EXIT_FAILURE;
}
if (mode == UNINSTALL)
{
// Stop & delete the WinDivert service:
mutex = CreateMutex(NULL, FALSE, "WinDivertDriverInstallMutex");
if (mutex == NULL)
{
fprintf(stderr, "error: failed to create WinDivert driver "
"install mutex (%d)\n", GetLastError());
return EXIT_FAILURE;
}
switch (WaitForSingleObject(mutex, INFINITE))
{
case WAIT_OBJECT_0: case WAIT_ABANDONED:
break;
default:
fprintf(stderr, "error: failed to acquire WinDivert driver "
"install mutex (%d)\n", GetLastError());
return EXIT_FAILURE;
}
manager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
if (manager == NULL)
{
fprintf(stderr, "error: failed to open service manager (%d)\n",
GetLastError());
return EXIT_FAILURE;
}
service = OpenService(manager, "WinDivert", SERVICE_ALL_ACCESS);
if (service == NULL)
{
fprintf(stderr, "error: failed to open WinDivert service (%d)\n",
GetLastError());
return EXIT_FAILURE;
}
if (!ControlService(service, SERVICE_CONTROL_STOP, &status))
{
fprintf(stderr, "error: failed to stop WinDivert service (%d)\n",
GetLastError());
return EXIT_FAILURE;
}
if (status.dwCurrentState != SERVICE_STOPPED)
{
fprintf(stderr, "error: failed to stop WinDivert service");
return EXIT_FAILURE;
}
CloseServiceHandle(service);
CloseServiceHandle(manager);
SetConsoleTextAttribute(console, FOREGROUND_GREEN);
fputs("UNINSTALL", stdout);
SetConsoleTextAttribute(console,
FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE);
puts(" WinDivert");
ReleaseMutex(mutex);
CloseHandle(mutex);
}
return 0;
}
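Review bot: the OpenProcess call in the event handler requests `PROCESS_QUERY_LIMITED_INFORMATION | PROCESS_TERMINATE` in every mode, but only KILL and UNINSTALL ever call TerminateProcess; in WATCH mode this over-privileges the handle and makes the open fail on processes (protected processes, for one) that would grant query-only access, so the exe column prints "???" for exactly the handles an operator most wants to see. Request PROCESS_TERMINATE only when mode is KILL or UNINSTALL, and check the TerminateProcess return value, since a failed kill is currently reported as if it succeeded. The setup order above the loop also looks inverted: WinDivertShutdown runs first and the queue length/size/time are raised to their maxima afterwards, so the snapshot of existing handles the driver queues at open time is subject to the default limits; set the parameters before the shutdown. Two smaller points: the filter fallback `printf("\"%s\"", (char *)packet);` treats the driver-supplied buffer as a string without consulting packet_len, so terminate it at packet_len (capped at sizeof(packet) - 1) first; and the block commented "Stop & delete the WinDivert service" only sends SERVICE_CONTROL_STOP, so either call DeleteService or have the comment say where deletion happens (the "failed to stop WinDivert service" message there is also missing its trailing newline).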
@@ -0,0 +1,73 @@
<?xml version="1.0" encoding="utf-8"?>
<!--
windivertctl.vcxproj
(C) 2019, all rights reserved,
This file is part of WinDivert.
WinDivert is free software: you can redistribute it and/or modify it under
the terms of the GNU Lesser General Public License as published by the
Free Software Foundation, either version 3 of the License, or (at your
option) any later version.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
License for more details.
You should have received a copy of the GNU Lesser General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
WinDivert is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your option)
any later version.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc., 51
Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-->
<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
</ItemGroup>
<ItemGroup>
<ClCompile Include="windivertctl.c">
<TreatWarningAsError>false</TreatWarningAsError>
<Optimization>MinSpace</Optimization>
<BasicRuntimeChecks>Default</BasicRuntimeChecks>
<AdditionalIncludeDirectories>..\..\include</AdditionalIncludeDirectories>
</ClCompile>
</ItemGroup>
<PropertyGroup Label="Globals">
<RootNamespace>windivertctl</RootNamespace>
<ProjectName>windivertctl</ProjectName>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props"/>
<PropertyGroup Label="Configuration">
<PlatformToolset>v140</PlatformToolset>
<ConfigurationType>Application</ConfigurationType>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ItemDefinitionGroup>
<Link>
<AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">..\..\install\MSVC\i386\WinDivert.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|x64'">..\..\install\MSVC\amd64\WinDivert.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
</Project>
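Review bot: the Link entries hard-code `..\..\install\MSVC\i386\WinDivert.lib` and `..\..\install\MSVC\amd64\WinDivert.lib` without a ProjectReference to the DLL project, so MSBuild cannot order this build after the DLL and a clean checkout fails to link until msvc-build.bat has produced install/MSVC; either add a ProjectReference or state the prerequisite in the header comment. Only Release configurations are declared and `<TreatWarningAsError>false</TreatWarningAsError>` is set explicitly; if the rest of the tree builds with warnings as errors, a comment should say why this tool is exempt.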
+287 -67
@@ -1,6 +1,6 @@
/*
* windivert.h
* (C) 2018, all rights reserved,
* (C) 2019, all rights reserved,
*
* This file is part of WinDivert.
*
@@ -40,7 +40,7 @@
#endif /* WINDIVERT_KERNEL */
#ifndef WINDIVERTEXPORT
#define WINDIVERTEXPORT __declspec(dllimport)
#define WINDIVERTEXPORT extern __declspec(dllimport)
#endif /* WINDIVERTEXPORT */
#ifdef __MINGW32__
@@ -70,58 +70,163 @@ extern "C" {
/****************************************************************************/
/*
* Divert address.
*/
typedef struct
{
INT64 Timestamp; /* Packet's timestamp. */
UINT32 IfIdx; /* Packet's interface index. */
UINT32 SubIfIdx; /* Packet's sub-interface index. */
UINT8 Direction:1; /* Packet's direction. */
UINT8 Loopback:1; /* Packet is loopback? */
UINT8 Impostor:1; /* Packet is impostor? */
UINT8 PseudoIPChecksum:1; /* Packet has pseudo IPv4 checksum? */
UINT8 PseudoTCPChecksum:1; /* Packet has pseudo TCP checksum? */
UINT8 PseudoUDPChecksum:1; /* Packet has pseudo UDP checksum? */
UINT8 Reserved:2;
} WINDIVERT_ADDRESS, *PWINDIVERT_ADDRESS;
#define WINDIVERT_DIRECTION_OUTBOUND 0
#define WINDIVERT_DIRECTION_INBOUND 1
/*
* Divert layers.
* WinDivert layers.
*/
typedef enum
{
WINDIVERT_LAYER_NETWORK = 0, /* Network layer. */
WINDIVERT_LAYER_NETWORK_FORWARD = 1 /* Network layer (forwarded packets) */
WINDIVERT_LAYER_NETWORK_FORWARD = 1,/* Network layer (forwarded packets) */
WINDIVERT_LAYER_FLOW = 2, /* Flow layer. */
WINDIVERT_LAYER_SOCKET = 3, /* Socket layer. */
WINDIVERT_LAYER_REFLECT = 4, /* Reflect layer. */
} WINDIVERT_LAYER, *PWINDIVERT_LAYER;
/*
* Divert flags.
* WinDivert NETWORK and NETWORK_FORWARD layer data.
*/
#define WINDIVERT_FLAG_SNIFF 1
#define WINDIVERT_FLAG_DROP 2
#define WINDIVERT_FLAG_DEBUG 4
typedef struct
{
UINT32 IfIdx; /* Packet's interface index. */
UINT32 SubIfIdx; /* Packet's sub-interface index. */
} WINDIVERT_DATA_NETWORK, *PWINDIVERT_DATA_NETWORK;
/*
* Divert parameters.
* WinDivert FLOW layer data.
*/
typedef struct
{
UINT64 EndpointId; /* Endpoint ID. */
UINT64 ParentEndpointId; /* Parent endpoint ID. */
UINT32 ProcessId; /* Process ID. */
UINT32 LocalAddr[4]; /* Local address. */
UINT32 RemoteAddr[4]; /* Remote address. */
UINT16 LocalPort; /* Local port. */
UINT16 RemotePort; /* Remote port. */
UINT8 Protocol; /* Protocol. */
} WINDIVERT_DATA_FLOW, *PWINDIVERT_DATA_FLOW;
/*
* WinDivert SOCKET layer data.
*/
typedef struct
{
UINT64 EndpointId; /* Endpoint ID. */
UINT64 ParentEndpointId; /* Parent Endpoint ID. */
UINT32 ProcessId; /* Process ID. */
UINT32 LocalAddr[4]; /* Local address. */
UINT32 RemoteAddr[4]; /* Remote address. */
UINT16 LocalPort; /* Local port. */
UINT16 RemotePort; /* Remote port. */
UINT8 Protocol; /* Protocol. */
} WINDIVERT_DATA_SOCKET, *PWINDIVERT_DATA_SOCKET;
/*
* WinDivert REFLECTION layer data.
*/
typedef struct
{
INT64 Timestamp; /* Handle open time. */
UINT32 ProcessId; /* Handle process ID. */
WINDIVERT_LAYER Layer; /* Handle layer. */
UINT64 Flags; /* Handle flags. */
INT16 Priority; /* Handle priority. */
} WINDIVERT_DATA_REFLECT, *PWINDIVERT_DATA_REFLECT;
/*
* WinDivert address.
*/
#ifdef _MSC_VER
#pragma warning(push)
#pragma warning(disable: 4201)
#endif
typedef struct
{
INT64 Timestamp; /* Packet's timestamp. */
UINT32 Layer:8; /* Packet's layer. */
UINT32 Event:8; /* Packet event. */
UINT32 Sniffed:1; /* Packet was sniffed? */
UINT32 Outbound:1; /* Packet is outound? */
UINT32 Loopback:1; /* Packet is loopback? */
UINT32 Impostor:1; /* Packet is impostor? */
UINT32 IPv6:1; /* Packet is IPv6? */
UINT32 IPChecksum:1; /* Packet has valid IPv4 checksum? */
UINT32 TCPChecksum:1; /* Packet has valid TCP checksum? */
UINT32 UDPChecksum:1; /* Packet has valid UDP checksum? */
UINT32 Reserved1:8;
UINT32 Reserved2;
union
{
WINDIVERT_DATA_NETWORK Network; /* Network layer data. */
WINDIVERT_DATA_FLOW Flow; /* Flow layer data. */
WINDIVERT_DATA_SOCKET Socket; /* Socket layer data. */
WINDIVERT_DATA_REFLECT Reflect; /* Reflect layer data. */
UINT8 Reserved3[64];
};
} WINDIVERT_ADDRESS, *PWINDIVERT_ADDRESS;
#ifdef _MSC_VER
#pragma warning(pop)
#endif
/*
* WinDivert events.
*/
typedef enum
{
WINDIVERT_PARAM_QUEUE_LEN = 0, /* Packet queue length. */
WINDIVERT_EVENT_NETWORK_PACKET = 0, /* Network packet. */
WINDIVERT_EVENT_FLOW_ESTABLISHED = 1,
/* Flow established. */
WINDIVERT_EVENT_FLOW_DELETED = 2, /* Flow deleted. */
WINDIVERT_EVENT_SOCKET_BIND = 3, /* Socket bind. */
WINDIVERT_EVENT_SOCKET_CONNECT = 4, /* Socket connect. */
WINDIVERT_EVENT_SOCKET_LISTEN = 5, /* Socket listen. */
WINDIVERT_EVENT_SOCKET_ACCEPT = 6, /* Socket accept. */
WINDIVERT_EVENT_SOCKET_CLOSE = 7, /* Socket close. */
WINDIVERT_EVENT_REFLECT_OPEN = 8, /* WinDivert handle opened. */
WINDIVERT_EVENT_REFLECT_CLOSE = 9, /* WinDivert handle closed. */
} WINDIVERT_EVENT, *PWINDIVERT_EVENT;
/*
* WinDivert flags.
*/
#define WINDIVERT_FLAG_SNIFF 0x0001
#define WINDIVERT_FLAG_DROP 0x0002
#define WINDIVERT_FLAG_RECV_ONLY 0x0004
#define WINDIVERT_FLAG_READ_ONLY WINDIVERT_FLAG_RECV_ONLY
#define WINDIVERT_FLAG_SEND_ONLY 0x0008
#define WINDIVERT_FLAG_WRITE_ONLY WINDIVERT_FLAG_SEND_ONLY
#define WINDIVERT_FLAG_NO_INSTALL 0x0010
#define WINDIVERT_FLAG_FRAGMENTS 0x0020
/*
* WinDivert parameters.
*/
typedef enum
{
WINDIVERT_PARAM_QUEUE_LENGTH = 0, /* Packet queue length. */
WINDIVERT_PARAM_QUEUE_TIME = 1, /* Packet queue time. */
WINDIVERT_PARAM_QUEUE_SIZE = 2 /* Packet queue size. */
WINDIVERT_PARAM_QUEUE_SIZE = 2, /* Packet queue size. */
WINDIVERT_PARAM_VERSION_MAJOR = 3, /* Driver version (major). */
WINDIVERT_PARAM_VERSION_MINOR = 4, /* Driver version (minor). */
} WINDIVERT_PARAM, *PWINDIVERT_PARAM;
#define WINDIVERT_PARAM_MAX WINDIVERT_PARAM_QUEUE_SIZE
#define WINDIVERT_PARAM_MAX WINDIVERT_PARAM_VERSION_MINOR
/*
* WinDivert shutdown parameter.
*/
typedef enum
{
WINDIVERT_SHUTDOWN_RECV = 0x1, /* Shutdown recv. */
WINDIVERT_SHUTDOWN_SEND = 0x2, /* Shutdown send. */
WINDIVERT_SHUTDOWN_BOTH = 0x3, /* Shutdown recv and send. */
} WINDIVERT_SHUTDOWN, *PWINDIVERT_SHUTDOWN;
#define WINDIVERT_SHUTDOWN_MAX WINDIVERT_SHUTDOWN_BOTH
#ifndef WINDIVERT_KERNEL
/*
* Open a WinDivert handle.
*/
extern WINDIVERTEXPORT HANDLE WinDivertOpen(
WINDIVERTEXPORT HANDLE WinDivertOpen(
__in const char *filter,
__in WINDIVERT_LAYER layer,
__in INT16 priority,
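Review bot: bit 0x4 changes meaning in this hunk: `#define WINDIVERT_FLAG_DEBUG 4` is removed and `#define WINDIVERT_FLAG_RECV_ONLY 0x0004` takes its value, so a 1.x caller that still passes the numeric debug flag now silently opens a receive-only handle; the old name being gone makes the break loud only for callers that used the symbol, so the repurposed bit belongs in the changelog. The renames are also inconsistent about compatibility: `WINDIVERT_FLAG_READ_ONLY`/`WRITE_ONLY` aliases are provided, but `WINDIVERT_PARAM_QUEUE_LEN` becomes `WINDIVERT_PARAM_QUEUE_LENGTH` with no alias; add `#define WINDIVERT_PARAM_QUEUE_LEN WINDIVERT_PARAM_QUEUE_LENGTH` or drop the flag aliases so the policy is uniform. Nits: the address comment reads `Packet is outound?` (outbound), and the struct header says `REFLECTION layer data` where every other identifier uses REFLECT.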
@@ -130,57 +235,66 @@ extern WINDIVERTEXPORT HANDLE WinDivertOpen(
/*
* Receive (read) a packet from a WinDivert handle.
*/
extern WINDIVERTEXPORT BOOL WinDivertRecv(
WINDIVERTEXPORT BOOL WinDivertRecv(
__in HANDLE handle,
__out PVOID pPacket,
__out_opt VOID *pPacket,
__in UINT packetLen,
__out_opt PWINDIVERT_ADDRESS pAddr,
__out_opt UINT *readLen);
__out_opt UINT *pRecvLen,
__out_opt WINDIVERT_ADDRESS *pAddr);
/*
* Receive (read) a packet from a WinDivert handle.
*/
extern WINDIVERTEXPORT BOOL WinDivertRecvEx(
WINDIVERTEXPORT BOOL WinDivertRecvEx(
__in HANDLE handle,
__out PVOID pPacket,
__out_opt VOID *pPacket,
__in UINT packetLen,
__out_opt UINT *pRecvLen,
__in UINT64 flags,
__out_opt PWINDIVERT_ADDRESS pAddr,
__out_opt UINT *readLen,
__out WINDIVERT_ADDRESS *pAddr,
__inout_opt UINT *pAddrLen,
__inout_opt LPOVERLAPPED lpOverlapped);
/*
* Send (write/inject) a packet to a WinDivert handle.
*/
extern WINDIVERTEXPORT BOOL WinDivertSend(
WINDIVERTEXPORT BOOL WinDivertSend(
__in HANDLE handle,
__in PVOID pPacket,
__in const VOID *pPacket,
__in UINT packetLen,
__in PWINDIVERT_ADDRESS pAddr,
__out_opt UINT *writeLen);
__out_opt UINT *pSendLen,
__in const WINDIVERT_ADDRESS *pAddr);
/*
* Send (write/inject) a packet to a WinDivert handle.
*/
extern WINDIVERTEXPORT BOOL WinDivertSendEx(
WINDIVERTEXPORT BOOL WinDivertSendEx(
__in HANDLE handle,
__in PVOID pPacket,
__in const VOID *pPacket,
__in UINT packetLen,
__out_opt UINT *pSendLen,
__in UINT64 flags,
__in PWINDIVERT_ADDRESS pAddr,
__out_opt UINT *writeLen,
__in const WINDIVERT_ADDRESS *pAddr,
__in UINT addrLen,
__inout_opt LPOVERLAPPED lpOverlapped);
/*
* Shutdown a WinDivert handle.
*/
WINDIVERTEXPORT BOOL WinDivertShutdown(
__in HANDLE handle,
__in WINDIVERT_SHUTDOWN how);
/*
* Close a WinDivert handle.
*/
extern WINDIVERTEXPORT BOOL WinDivertClose(
WINDIVERTEXPORT BOOL WinDivertClose(
__in HANDLE handle);
/*
* Set a WinDivert handle parameter.
*/
extern WINDIVERTEXPORT BOOL WinDivertSetParam(
WINDIVERTEXPORT BOOL WinDivertSetParam(
__in HANDLE handle,
__in WINDIVERT_PARAM param,
__in UINT64 value);
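Review bot: the parameter order of WinDivertRecv and WinDivertSend changes silently in this hunk: `__out_opt PWINDIVERT_ADDRESS pAddr, __out_opt UINT *readLen` becomes `__out_opt UINT *pRecvLen, __out_opt WINDIVERT_ADDRESS *pAddr`. Because both parameters are pointers, a 1.x caller recompiled against this header gets only an incompatible-pointer-types warning in C, not an error, and at run time the whole WINDIVERT_ADDRESS is written through what the caller believes is a UINT (a stack overwrite) while the length lands in the address struct. Since this is a major-version break anyway, put the reorder at the top of the migration notes and build the bundled examples with that warning promoted to an error so the repository itself cannot carry a stale call. Also WinDivertRecvEx declares `__out WINDIVERT_ADDRESS *pAddr` while WinDivertRecv has it `__out_opt`; pick one and make the documentation match.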
@@ -188,17 +302,39 @@ extern WINDIVERTEXPORT BOOL WinDivertSetParam(
/*
* Get a WinDivert handle parameter.
*/
extern WINDIVERTEXPORT BOOL WinDivertGetParam(
WINDIVERTEXPORT BOOL WinDivertGetParam(
__in HANDLE handle,
__in WINDIVERT_PARAM param,
__out UINT64 *pValue);
#endif /* WINDIVERT_KERNEL */
/*
* WinDivert constants.
*/
#define WINDIVERT_PRIORITY_HIGHEST 30000
#define WINDIVERT_PRIORITY_LOWEST (-WINDIVERT_PRIORITY_HIGHEST)
#define WINDIVERT_PARAM_QUEUE_LENGTH_DEFAULT 4096
#define WINDIVERT_PARAM_QUEUE_LENGTH_MIN 32
#define WINDIVERT_PARAM_QUEUE_LENGTH_MAX 16384
#define WINDIVERT_PARAM_QUEUE_TIME_DEFAULT 2000 /* 2s */
#define WINDIVERT_PARAM_QUEUE_TIME_MIN 100 /* 100ms */
#define WINDIVERT_PARAM_QUEUE_TIME_MAX 16000 /* 16s */
#define WINDIVERT_PARAM_QUEUE_SIZE_DEFAULT 4194304 /* 4MB */
#define WINDIVERT_PARAM_QUEUE_SIZE_MIN 65535 /* 64KB */
#define WINDIVERT_PARAM_QUEUE_SIZE_MAX 33554432 /* 32MB */
#define WINDIVERT_BATCH_MAX 0xFF /* 255 */
#define WINDIVERT_MTU_MAX (40 + 0xFFFF)
/****************************************************************************/
/* WINDIVERT HELPER API */
/****************************************************************************/
#ifdef _MSC_VER
#pragma warning(push)
#pragma warning(disable: 4214)
#endif
/*
* IPv4/IPv6/ICMP/ICMPv6/TCP/UDP header definitions.
*/
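Review bot: the queue limits move from windivert_device.h into this public block and change value at the same time (length default 2048 to 4096 and minimum 16 to 32, queue time default 1000 to 2000 ms and maximum 8000 to 16000 ms, per the lines removed from the device header further down); these alter how much the driver buffers per handle and how long a queued packet waits before being dropped, so they belong in the changelog rather than passing as a code move. Nit: `#define WINDIVERT_PARAM_QUEUE_SIZE_MIN 65535 /* 64KB */` is one byte short of 64 KB, so either the value or the comment should change, and `#define WINDIVERT_MTU_MAX (40 + 0xFFFF)` would read better with a comment saying what the 40 accounts for.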
@@ -333,7 +469,9 @@ typedef struct
UINT16 Checksum;
} WINDIVERT_UDPHDR, *PWINDIVERT_UDPHDR;
#ifndef WINDIVERT_KERNEL
#ifdef _MSC_VER
#pragma warning(pop)
#endif
/*
* Flags for WinDivertHelperCalcChecksums()
@@ -344,62 +482,144 @@ typedef struct
#define WINDIVERT_HELPER_NO_TCP_CHECKSUM 8
#define WINDIVERT_HELPER_NO_UDP_CHECKSUM 16
#ifndef WINDIVERT_KERNEL
/*
* Hash a packet.
*/
WINDIVERTEXPORT UINT64 WinDivertHelperHashPacket(
__in const VOID *pPacket,
__in UINT packetLen,
__in UINT64 seed
#ifdef __cplusplus
= 0
#endif
);
/*
* Parse IPv4/IPv6/ICMP/ICMPv6/TCP/UDP headers from a raw packet.
*/
extern WINDIVERTEXPORT BOOL WinDivertHelperParsePacket(
__in PVOID pPacket,
WINDIVERTEXPORT BOOL WinDivertHelperParsePacket(
__in const VOID *pPacket,
__in UINT packetLen,
__out_opt PWINDIVERT_IPHDR *ppIpHdr,
__out_opt PWINDIVERT_IPV6HDR *ppIpv6Hdr,
__out_opt UINT8 *pProtocol,
__out_opt PWINDIVERT_ICMPHDR *ppIcmpHdr,
__out_opt PWINDIVERT_ICMPV6HDR *ppIcmpv6Hdr,
__out_opt PWINDIVERT_TCPHDR *ppTcpHdr,
__out_opt PWINDIVERT_UDPHDR *ppUdpHdr,
__out_opt PVOID *ppData,
__out_opt UINT *pDataLen);
__out_opt UINT *pDataLen,
__out_opt PVOID *ppNext,
__out_opt UINT *pNextLen);
/*
* Parse an IPv4 address.
*/
extern WINDIVERTEXPORT BOOL WinDivertHelperParseIPv4Address(
WINDIVERTEXPORT BOOL WinDivertHelperParseIPv4Address(
__in const char *addrStr,
__out_opt UINT32 *pAddr);
/*
* Parse an IPv6 address.
*/
extern WINDIVERTEXPORT BOOL WinDivertHelperParseIPv6Address(
WINDIVERTEXPORT BOOL WinDivertHelperParseIPv6Address(
__in const char *addrStr,
__out_opt UINT32 *pAddr);
/*
* Format an IPv4 address.
*/
WINDIVERTEXPORT BOOL WinDivertHelperFormatIPv4Address(
__in UINT32 addr,
__out char *buffer,
__in UINT bufLen);
/*
* Format an IPv6 address.
*/
WINDIVERTEXPORT BOOL WinDivertHelperFormatIPv6Address(
__in const UINT32 *pAddr,
__out char *buffer,
__in UINT bufLen);
/*
* Calculate IPv4/IPv6/ICMP/ICMPv6/TCP/UDP checksums.
*/
extern WINDIVERTEXPORT UINT WinDivertHelperCalcChecksums(
__inout PVOID pPacket,
WINDIVERTEXPORT BOOL WinDivertHelperCalcChecksums(
__inout VOID *pPacket,
__in UINT packetLen,
__in_opt PWINDIVERT_ADDRESS pAddr,
__out_opt WINDIVERT_ADDRESS *pAddr,
__in UINT64 flags);
/*
* Check the given filter string.
* Decrement the TTL/HopLimit.
*/
extern WINDIVERTEXPORT BOOL WinDivertHelperCheckFilter(
WINDIVERTEXPORT BOOL WinDivertHelperDecrementTTL(
__inout VOID *pPacket,
__in UINT packetLen);
/*
* Compile the given filter string.
*/
WINDIVERTEXPORT BOOL WinDivertHelperCompileFilter(
__in const char *filter,
__in WINDIVERT_LAYER layer,
__out_opt char *object,
__in UINT objLen,
__out_opt const char **errorStr,
__out_opt UINT *errorPos);
/*
* Evaluate the given filter string.
*/
extern WINDIVERTEXPORT BOOL WinDivertHelperEvalFilter(
WINDIVERTEXPORT BOOL WinDivertHelperEvalFilter(
__in const char *filter,
__in const VOID *pPacket,
__in UINT packetLen,
__in const WINDIVERT_ADDRESS *pAddr);
/*
* Format the given filter string.
*/
WINDIVERTEXPORT BOOL WinDivertHelperFormatFilter(
__in const char *filter,
__in WINDIVERT_LAYER layer,
__in PVOID pPacket,
__in UINT packetLen,
__in PWINDIVERT_ADDRESS pAddr);
__out char *buffer,
__in UINT bufLen);
/*
* Byte ordering.
*/
WINDIVERTEXPORT UINT16 WinDivertHelperNtohs(
__in UINT16 x);
WINDIVERTEXPORT UINT16 WinDivertHelperHtons(
__in UINT16 x);
WINDIVERTEXPORT UINT32 WinDivertHelperNtohl(
__in UINT32 x);
WINDIVERTEXPORT UINT32 WinDivertHelperHtonl(
__in UINT32 x);
WINDIVERTEXPORT UINT64 WinDivertHelperNtohll(
__in UINT64 x);
WINDIVERTEXPORT UINT64 WinDivertHelperHtonll(
__in UINT64 x);
WINDIVERTEXPORT void WinDivertHelperNtohIPv6Address(
__in const UINT *inAddr,
__out UINT *outAddr);
WINDIVERTEXPORT void WinDivertHelperHtonIPv6Address(
__in const UINT *inAddr,
__out UINT *outAddr);
/*
* Old names to be removed in the next version.
*/
WINDIVERTEXPORT void WinDivertHelperNtohIpv6Address(
__in const UINT *inAddr,
__out UINT *outAddr);
WINDIVERTEXPORT void WinDivertHelperHtonIpv6Address(
__in const UINT *inAddr,
__out UINT *outAddr);
#endif /* WINDIVERT_KERNEL */
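Review bot: WinDivertHelperCalcChecksums changes its address parameter from `__in_opt PWINDIVERT_ADDRESS pAddr` to `__out_opt WINDIVERT_ADDRESS *pAddr`; `__out_opt` tells SAL (and readers) that the callee fully initializes *pAddr, but the plausible behaviour here is updating the IPChecksum/TCPChecksum/UDPChecksum bits of an address the caller already filled in, so `__inout_opt` is the accurate annotation and the comment should list which bits are touched. WinDivertHelperCompileFilter takes `__out_opt char *object, __in UINT objLen` with no statement of the object format or the buffer size a caller must supply; document whether the object is a NUL-terminated string and what objLen suffices. Finally, WinDivertHelperCheckFilter is removed outright while the `*IpV6Address` spellings keep compatibility aliases; note the removal in the changelog with CompileFilter as the replacement.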
+156 -60
@@ -1,6 +1,6 @@
/*
* windivert_device.h
* (C) 2018, all rights reserved,
* (C) 2019, all rights reserved,
*
* This file is part of WinDivert.
*
@@ -38,14 +38,17 @@
/*
* NOTE: This is the low-level interface to the WinDivert device driver.
* This interface should not be used directly, instead use the high-level
* interface provided by the divert API.
* interface provided by the WinDivert API.
*/
#define WINDIVERT_KERNEL
#include "windivert.h"
#define WINDIVERT_VERSION 1
#define WINDIVERT_VERSION_MINOR 4
#define WINDIVERT_VERSION_MAJOR 2
#define WINDIVERT_VERSION_MINOR 2
#define WINDIVERT_MAGIC_DLL 0x4C4C447669645724ull
#define WINDIVERT_MAGIC_SYS 0x5359537669645723ull
#define WINDIVERT_STR2(s) #s
#define WINDIVERT_STR(s) WINDIVERT_STR2(s)
@@ -53,14 +56,13 @@
#define WINDIVERT_LSTR(s) WINDIVERT_LSTR2(s)
#define WINDIVERT_VERSION_LSTR \
WINDIVERT_LSTR(WINDIVERT_VERSION) L"." \
WINDIVERT_LSTR(WINDIVERT_VERSION_MAJOR) L"." \
WINDIVERT_LSTR(WINDIVERT_VERSION_MINOR)
#define WINDIVERT_DEVICE_NAME \
L"WinDivert" WINDIVERT_VERSION_LSTR
#define WINDIVERT_IOCTL_VERSION 6
#define WINDIVERT_IOCTL_MAGIC 0xA2BF
L"WinDivert"
#define WINDIVERT_LAYER_NAME \
WINDIVERT_DEVICE_NAME WINDIVERT_VERSION_LSTR
#define WINDIVERT_FILTER_FIELD_ZERO 0
#define WINDIVERT_FILTER_FIELD_INBOUND 1
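Review bot: WINDIVERT_DEVICE_NAME drops the version suffix (`L"WinDivert"` instead of `L"WinDivert" WINDIVERT_VERSION_LSTR`) while WINDIVERT_LAYER_NAME keeps it, and the `WINDIVERT_IOCTL_VERSION`/`WINDIVERT_IOCTL_MAGIC` pair is removed. With an unversioned device object, two 2.x drivers of different versions can no longer coexist on one machine, and a DLL/driver mismatch is caught only by the magic/major/minor exchange in the WINDIVERT_VERSION structure introduced later in this file; state that policy in the comment above these macros (one driver per machine, which minor-version combinations are accepted) so packagers know an upgrade must stop the old driver before the new DLL can open a handle.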
@@ -122,8 +124,34 @@
#define WINDIVERT_FILTER_FIELD_UDP_PAYLOADLENGTH 57
#define WINDIVERT_FILTER_FIELD_LOOPBACK 58
#define WINDIVERT_FILTER_FIELD_IMPOSTOR 59
#define WINDIVERT_FILTER_FIELD_PROCESSID 60
#define WINDIVERT_FILTER_FIELD_LOCALADDR 61
#define WINDIVERT_FILTER_FIELD_REMOTEADDR 62
#define WINDIVERT_FILTER_FIELD_LOCALPORT 63
#define WINDIVERT_FILTER_FIELD_REMOTEPORT 64
#define WINDIVERT_FILTER_FIELD_PROTOCOL 65
#define WINDIVERT_FILTER_FIELD_ENDPOINTID 66
#define WINDIVERT_FILTER_FIELD_PARENTENDPOINTID 67
#define WINDIVERT_FILTER_FIELD_LAYER 68
#define WINDIVERT_FILTER_FIELD_PRIORITY 69
#define WINDIVERT_FILTER_FIELD_EVENT 70
#define WINDIVERT_FILTER_FIELD_PACKET 71
#define WINDIVERT_FILTER_FIELD_PACKET16 72
#define WINDIVERT_FILTER_FIELD_PACKET32 73
#define WINDIVERT_FILTER_FIELD_TCP_PAYLOAD 74
#define WINDIVERT_FILTER_FIELD_TCP_PAYLOAD16 75
#define WINDIVERT_FILTER_FIELD_TCP_PAYLOAD32 76
#define WINDIVERT_FILTER_FIELD_UDP_PAYLOAD 77
#define WINDIVERT_FILTER_FIELD_UDP_PAYLOAD16 78
#define WINDIVERT_FILTER_FIELD_UDP_PAYLOAD32 79
#define WINDIVERT_FILTER_FIELD_LENGTH 80
#define WINDIVERT_FILTER_FIELD_TIMESTAMP 81
#define WINDIVERT_FILTER_FIELD_RANDOM8 82
#define WINDIVERT_FILTER_FIELD_RANDOM16 83
#define WINDIVERT_FILTER_FIELD_RANDOM32 84
#define WINDIVERT_FILTER_FIELD_FRAGMENT 85
#define WINDIVERT_FILTER_FIELD_MAX \
WINDIVERT_FILTER_FIELD_IMPOSTOR
WINDIVERT_FILTER_FIELD_FRAGMENT
#define WINDIVERT_FILTER_TEST_EQ 0
#define WINDIVERT_FILTER_TEST_NEQ 1
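Review bot: the new indexed fields `WINDIVERT_FILTER_FIELD_PACKET`/`PACKET16`/`PACKET32` and the `TCP_PAYLOAD*`/`UDP_PAYLOAD*` variants read bytes at a filter-chosen offset from a packet evaluated in the kernel, so the evaluator must bounds-check the offset plus the 1-, 2- or 4-byte width against the actual packet or payload length, not against header-declared lengths that an attacker controls; that check is not visible in this header, so either point to it in the driver or add a comment here stating what an out-of-range read evaluates to. The `RANDOM8`/`RANDOM16`/`RANDOM32` fields also deserve a one-line comment on the generator behind them, since a filter author might otherwise assume they are suitable for more than sampling.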
@@ -133,97 +161,165 @@
#define WINDIVERT_FILTER_TEST_GEQ 5
#define WINDIVERT_FILTER_TEST_MAX WINDIVERT_FILTER_TEST_GEQ
#define WINDIVERT_FILTER_MAXLEN 128
#define WINDIVERT_FILTER_MAXLEN 256
#define WINDIVERT_FILTER_RESULT_ACCEPT (WINDIVERT_FILTER_MAXLEN+1)
#define WINDIVERT_FILTER_RESULT_REJECT (WINDIVERT_FILTER_MAXLEN+2)
#define WINDIVERT_FILTER_RESULT_ACCEPT 0x7FFE
#define WINDIVERT_FILTER_RESULT_REJECT 0x7FFF
/*
* WinDivert layers.
*/
#define WINDIVERT_LAYER_DEFAULT WINDIVERT_LAYER_NETWORK
#define WINDIVERT_LAYER_MAX \
WINDIVERT_LAYER_NETWORK_FORWARD
#define WINDIVERT_LAYER_MAX WINDIVERT_LAYER_REFLECT
/*
* WinDivert events.
*/
#define WINDIVERT_EVENT_MAX \
WINDIVERT_EVENT_REFLECT_CLOSE
/*
* WinDivert flags.
*/
#define WINDIVERT_FLAGS_ALL \
(WINDIVERT_FLAG_SNIFF | WINDIVERT_FLAG_DROP | WINDIVERT_FLAG_DEBUG)
(WINDIVERT_FLAG_SNIFF | WINDIVERT_FLAG_DROP | WINDIVERT_FLAG_RECV_ONLY |\
WINDIVERT_FLAG_SEND_ONLY | WINDIVERT_FLAG_NO_INSTALL | \
WINDIVERT_FLAG_FRAGMENTS)
#define WINDIVERT_FLAGS_EXCLUDE(flags, flag1, flag2) \
(((flags) & ((flag1) | (flag2))) != ((flag1) | (flag2)))
#define WINDIVERT_FLAGS_VALID(flags) \
((((flags) & ~WINDIVERT_FLAGS_ALL) == 0) && \
WINDIVERT_FLAGS_EXCLUDE(flags, WINDIVERT_FLAG_SNIFF, \
WINDIVERT_FLAG_DROP))
WINDIVERT_FLAG_DROP) && \
WINDIVERT_FLAGS_EXCLUDE(flags, WINDIVERT_FLAG_RECV_ONLY, \
WINDIVERT_FLAG_SEND_ONLY))
/*
* WinDivert filter flags.
*/
#define WINDIVERT_FILTER_FLAG_INBOUND 0x0000000000000010ull
#define WINDIVERT_FILTER_FLAG_OUTBOUND 0x0000000000000020ull
#define WINDIVERT_FILTER_FLAG_IP 0x0000000000000040ull
#define WINDIVERT_FILTER_FLAG_IPV6 0x0000000000000080ull
#define WINDIVERT_FILTER_FLAG_EVENT_FLOW_DELETED 0x0000000000000100ull
#define WINDIVERT_FILTER_FLAG_EVENT_SOCKET_BIND 0x0000000000000200ull
#define WINDIVERT_FILTER_FLAG_EVENT_SOCKET_CONNECT 0x0000000000000400ull
#define WINDIVERT_FILTER_FLAG_EVENT_SOCKET_LISTEN 0x0000000000000800ull
#define WINDIVERT_FILTER_FLAG_EVENT_SOCKET_ACCEPT 0x0000000000001000ull
#define WINDIVERT_FILTER_FLAG_EVENT_SOCKET_CLOSE 0x0000000000002000ull
#define WINDIVERT_FILTER_FLAGS_ALL \
(WINDIVERT_FILTER_FLAG_INBOUND | \
WINDIVERT_FILTER_FLAG_OUTBOUND | \
WINDIVERT_FILTER_FLAG_IP | \
WINDIVERT_FILTER_FLAG_IPV6 | \
WINDIVERT_FILTER_FLAG_EVENT_FLOW_DELETED | \
WINDIVERT_FILTER_FLAG_EVENT_SOCKET_BIND | \
WINDIVERT_FILTER_FLAG_EVENT_SOCKET_CONNECT | \
WINDIVERT_FILTER_FLAG_EVENT_SOCKET_LISTEN | \
WINDIVERT_FILTER_FLAG_EVENT_SOCKET_ACCEPT | \
WINDIVERT_FILTER_FLAG_EVENT_SOCKET_CLOSE)
/*
* WinDivert priorities.
*/
#define WINDIVERT_PRIORITY(priority16) \
((UINT32)((INT32)(priority16) + 0x7FFF + 1))
#define WINDIVERT_PRIORITY_DEFAULT WINDIVERT_PRIORITY(0)
#define WINDIVERT_PRIORITY_MAX WINDIVERT_PRIORITY(1000)
#define WINDIVERT_PRIORITY_MIN WINDIVERT_PRIORITY(-1000)
#define WINDIVERT_PRIORITY_MAX WINDIVERT_PRIORITY_HIGHEST
#define WINDIVERT_PRIORITY_MIN WINDIVERT_PRIORITY_LOWEST
/*
* WinDivert parameters.
* WinDivert timestamps.
*/
#define WINDIVERT_PARAM_QUEUE_LEN_DEFAULT 2048
#define WINDIVERT_PARAM_QUEUE_LEN_MIN 16
#define WINDIVERT_PARAM_QUEUE_LEN_MAX 16384
#define WINDIVERT_PARAM_QUEUE_TIME_DEFAULT 1000 // 1s
#define WINDIVERT_PARAM_QUEUE_TIME_MIN 20 // 20ms
#define WINDIVERT_PARAM_QUEUE_TIME_MAX 8000 // 8s
#define WINDIVERT_PARAM_QUEUE_SIZE_MIN 65535 // 64KB
#define WINDIVERT_PARAM_QUEUE_SIZE_MAX 33554432 // 32MB
#define WINDIVERT_PARAM_QUEUE_SIZE_DEFAULT 4194304 // 4MB
#define WINDIVERT_TIMESTAMP_MAX 0x7FFFFFFFFFFFFFFFull
/*
* WinDivert message definitions.
*/
#pragma pack(push, 1)
struct windivert_ioctl_s
typedef union
{
UINT16 magic; // WINDIVERT_IOCTL_MAGIC
UINT8 version; // WINDIVERT_IOCTL_VERSION
UINT8 arg8; // 8-bit argument
UINT64 arg; // 64-bit argument
};
typedef struct windivert_ioctl_s *windivert_ioctl_t;
struct
{
UINT64 addr; // WINDIVERT_ADDRESS pointer.
UINT64 addr_len_ptr; // sizeof(addr) pointer.
} recv;
struct
{
UINT64 addr; // WINDIVERT_ADDRESS pointer.
UINT64 addr_len; // sizeof(addr).
} send;
struct
{
UINT32 layer; // Handle layer.
UINT32 priority; // Handle priority.
UINT64 flags; // Handle flags.
} initialize;
struct
{
UINT64 flags; // Filter flags.
} startup;
struct
{
UINT32 how; // WINDIVERT_SHUTDOWN_*
} shutdown;
struct
{
UINT32 param; // WINDIVERT_PARAM_*
} get_param;
struct
{
UINT64 val; // Value pointer.
UINT32 param; // WINDIVERT_PARAM_*
} set_param;
} WINDIVERT_IOCTL, *PWINDIVERT_IOCTL;
/*
* WinDivert IOCTL structures.
* WinDivert initialization structure.
*/
struct windivert_ioctl_filter_s
typedef struct
{
UINT8 field; // WINDIVERT_FILTER_FIELD_IP_*
UINT8 test; // WINDIVERT_FILTER_TEST_*
UINT16 success; // Success continuation.
UINT16 failure; // Fail continuation.
UINT64 magic; // Magic number (in/out).
UINT32 major; // Driver major version (in/out).
UINT32 minor; // Driver minor version (in/out).
UINT32 bits; // 32 or 64 (in/out).
UINT32 reserved32[3];
UINT64 reserved64[4];
} WINDIVERT_VERSION, *PWINDIVERT_VERSION;
/*
* WinDivert filter structure.
*/
typedef struct
{
UINT32 field:11; // WINDIVERT_FILTER_FIELD_*
UINT32 test:5; // WINDIVERT_FILTER_TEST_*
UINT32 success:16; // Success continuation.
UINT32 failure:16; // Fail continuation.
UINT32 neg:1; // Argument negative?
UINT32 reserved:15;
UINT32 arg[4]; // Argument.
};
typedef struct windivert_ioctl_filter_s *windivert_ioctl_filter_t;
} WINDIVERT_FILTER, *PWINDIVERT_FILTER;
#pragma pack(pop)
/*
* IOCTL codes.
*/
#define IOCTL_WINDIVERT_INITIALIZE \
CTL_CODE(FILE_DEVICE_NETWORK, 0x921, METHOD_OUT_DIRECT, FILE_READ_DATA |\
FILE_WRITE_DATA)
#define IOCTL_WINDIVERT_STARTUP \
CTL_CODE(FILE_DEVICE_NETWORK, 0x922, METHOD_IN_DIRECT, FILE_READ_DATA | \
FILE_WRITE_DATA)
#define IOCTL_WINDIVERT_RECV \
CTL_CODE(FILE_DEVICE_NETWORK, 0x908, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
CTL_CODE(FILE_DEVICE_NETWORK, 0x923, METHOD_OUT_DIRECT, FILE_READ_DATA)
#define IOCTL_WINDIVERT_SEND \
CTL_CODE(FILE_DEVICE_NETWORK, 0x909, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
#define IOCTL_WINDIVERT_START_FILTER \
CTL_CODE(FILE_DEVICE_NETWORK, 0x90A, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
#define IOCTL_WINDIVERT_SET_LAYER \
CTL_CODE(FILE_DEVICE_NETWORK, 0x90B, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
#define IOCTL_WINDIVERT_SET_PRIORITY \
CTL_CODE(FILE_DEVICE_NETWORK, 0x90C, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
#define IOCTL_WINDIVERT_SET_FLAGS \
CTL_CODE(FILE_DEVICE_NETWORK, 0x90D, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
CTL_CODE(FILE_DEVICE_NETWORK, 0x924, METHOD_IN_DIRECT, FILE_READ_DATA | \
FILE_WRITE_DATA)
#define IOCTL_WINDIVERT_SET_PARAM \
CTL_CODE(FILE_DEVICE_NETWORK, 0x90E, METHOD_IN_DIRECT, FILE_ANY_ACCESS)
CTL_CODE(FILE_DEVICE_NETWORK, 0x925, METHOD_IN_DIRECT, FILE_READ_DATA | \
FILE_WRITE_DATA)
#define IOCTL_WINDIVERT_GET_PARAM \
CTL_CODE(FILE_DEVICE_NETWORK, 0x90F, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
CTL_CODE(FILE_DEVICE_NETWORK, 0x926, METHOD_OUT_DIRECT, FILE_READ_DATA)
#define IOCTL_WINDIVERT_SHUTDOWN \
CTL_CODE(FILE_DEVICE_NETWORK, 0x927, METHOD_IN_DIRECT, FILE_READ_DATA | \
FILE_WRITE_DATA)
#endif /* __WINDIVERT_DEVICE_H */
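Review bot: the WINDIVERT_IOCTL union embeds user-mode pointers as plain UINT64 values (`recv.addr`, `recv.addr_len_ptr`, `send.addr`, `set_param.val`) next to the METHOD_IN_DIRECT/METHOD_OUT_DIRECT buffer; the I/O manager validates and locks only the main buffer, so the driver must ProbeForRead/ProbeForWrite each embedded pointer under __try, honour `bits` for 32-bit callers, and capture each value once to avoid double-fetch races. None of that contract is stated here; add it to the comment. Two related points: WINDIVERT_FILTER is now a packed bitfield struct (`UINT32 field:11; UINT32 test:5; UINT32 success:16;`) shared between a driver built with MSVC and a DLL that mingw-build.sh builds with GCC, so the layout needs pinning (a compile-time size assertion in both builds and confirmation that the MinGW side uses MS bitfield semantics); and the kernel must validate every `success`/`failure` continuation as either a forward index below the filter length or exactly WINDIVERT_FILTER_RESULT_ACCEPT/REJECT (0x7FFE/0x7FFF), otherwise a crafted filter can loop or jump outside the program. Moving the IOCTL codes from FILE_ANY_ACCESS to FILE_READ_DATA/FILE_WRITE_DATA is a good change and worth a line in the changelog.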
+6 -12
@@ -4,7 +4,7 @@ Class = WFPCALLOUTS
ClassGuid = {57465043-616C-6C6F-7574-5F636C617373}
Provider = %Basil%
CatalogFile = WinDivert32.Cat
DriverVer = 10/22/2017,1.4.0
DriverVer = 08/08/2019,2.2.0
[SourceDisksNames]
1 = %DiskName%
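Review bot: `DriverVer = 08/08/2019,2.2.0` has to track `WINDIVERT_VERSION_MAJOR`/`WINDIVERT_VERSION_MINOR` in windivert_device.h (2.2 in this change), and the same number is maintained by hand in this INF, the 64-bit INF and the header; consider generating the INF version from the header at build time, or at least adding a build-time check that the three agree, so a future bump cannot ship a driver whose INF and INITIALIZE handshake disagree.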
@@ -23,12 +23,6 @@ CopyFiles = WinDivertCalloutDriver.DriverFiles
[DefaultInstall.Services]
AddService = %ServiceName%,,WinDivertCalloutDriver.Service
[DefaultUninstall]
DelFiles = WinDivertCalloutDriver.DriverFiles
[DefaultUninstall.Services]
DelService = WinDivertCalloutDriver,0x200 ; SPSVCINST_STOPSERVICE
[WinDivertCalloutDriver.DriverFiles]
WinDivert32.sys,,,0x00000040 ; COPYFLG_OVERWRITE_OLDER_ONLY
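Review bot: removing `[DefaultUninstall]` and `[DefaultUninstall.Services]` leaves the INF with no uninstall action, so `DelService = WinDivertCalloutDriver,0x200` (stop and delete) is gone; if uninstall is now expected to go through windivertctl's UNINSTALL mode or the driver's own cleanup, say so in a comment in the INF. Note that the removed DelService line named the service `WinDivertCalloutDriver` while `AddService = %ServiceName%` installs it as "WinDivert", so the deleted section did not match the installed service name in the first place; that mismatch should be mentioned in the commit message so nobody restores the old lines verbatim.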
@@ -41,8 +35,8 @@ ErrorControl = 1 ; SERVICE_ERROR_NORMAL
ServiceBinary = %12%\WinDivert32.sys
[Strings]
%Basil% = "Basil"
%DiskName% = "WinDivert Installation Disk"
%Description% = "WinDivert Driver"
%ServiceName% = "WinDivert"
%ServiceDesc% = "WinDivert Driver"
Basil = "Basil"
DiskName = "WinDivert Installation Disk"
Description = "WinDivert Driver"
ServiceName = "WinDivert"
ServiceDesc = "WinDivert Driver"
+6 -12
@@ -4,7 +4,7 @@ Class = WFPCALLOUTS
ClassGuid = {57465043-616C-6C6F-7574-5F636C617373}
Provider = %Basil%
CatalogFile = WinDivert64.Cat
DriverVer = 10/22/2017,1.4.0
DriverVer = 08/08/2019,2.2.0
[SourceDisksNames]
1 = %DiskName%
@@ -23,12 +23,6 @@ CopyFiles = WinDivertCalloutDriver.DriverFiles
[DefaultInstall.Services]
AddService = %ServiceName%,,WinDivertCalloutDriver.Service
[DefaultUninstall]
DelFiles = WinDivertCalloutDriver.DriverFiles
[DefaultUninstall.Services]
DelService = WinDivertCalloutDriver,0x200 ; SPSVCINST_STOPSERVICE
[WinDivertCalloutDriver.DriverFiles]
WinDivert64.sys,,,0x00000040 ; COPYFLG_OVERWRITE_OLDER_ONLY
@@ -41,8 +35,8 @@ ErrorControl = 1 ; SERVICE_ERROR_NORMAL
ServiceBinary = %12%\WinDivert64.sys
[Strings]
%Basil% = "Basil"
%DiskName% = "WinDivert Installation Disk"
%Description% = "WinDivert Driver"
%ServiceName% = "WinDivert"
%ServiceDesc% = "WinDivert Driver"
Basil = "Basil"
DiskName = "WinDivert Installation Disk"
Description = "WinDivert Driver"
ServiceName = "WinDivert"
ServiceDesc = "WinDivert Driver"
+44 -15
@@ -1,7 +1,7 @@
#!/bin/bash
#
# mingw-build.sh
# (C) 2018, all rights reserved,
# (C) 2019, all rights reserved,
#
# This file is part of WinDivert.
#
@@ -33,12 +33,17 @@
# Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# Script for MinGW/Linux cross compilation.
# NOTE: run wddk-build.bat before this script.
# NOTE: run msvc-build.bat before this script.
set -e
ENVS="i686-w64-mingw32 x86_64-w64-mingw32"
if [ "$1" = "debug" ]
then
EXTRA_OPTS="-lmsvcrt -include stdio.h"
fi
for ENV in $ENVS
do
if [ $ENV = "i686-w64-mingw32" ]
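Review bot: EXTRA_OPTS is assigned only in the debug branch; initialise it to empty before the if so the later CLIBS="... $EXTRA_OPTS" expansion is well defined under set -u and cannot inherit a value from the caller's environment. Also worth a comment: the debug build links -lmsvcrt and force-includes stdio.h while the non-debug CLIBS in the next hunk drops the CRT entirely, so debug and release DLLs differ in their import tables.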
@@ -51,18 +56,19 @@ do
BITS=64
MANGLE=
fi
if [ ! -d install/WDDK/$CPU ]
HAVE_SYS=yes
if [ ! -d install/MSVC/$CPU ]
then
echo "WARNING: missing WDDK build; run wddk-build.bat first"
echo "SKIP WDDK-$CPU"
continue
echo "WARNING: missing MSVC build; run msvc-build.bat first"
HAVE_SYS=no
fi
echo "BUILD WDDK-$CPU"
echo "BUILD MINGW-$CPU"
CC="$ENV-gcc"
COPTS="-shared -Wall -Wno-pointer-to-int-cast -O2 -Iinclude/
COPTS="-fno-ident -shared -Wall -Wno-pointer-to-int-cast -Os -Iinclude/
-Wl,--enable-stdcall-fixup -Wl,--entry=${MANGLE}WinDivertDllEntry"
CLIBS="-lgcc -lmsvcrt -lkernel32 -ladvapi32"
CLIBS="-lkernel32 -ladvapi32 $EXTRA_OPTS"
STRIP="$ENV-strip"
DLLTOOL="$ENV-dlltool"
if [ -x "`which $CC`" ]
then
echo "\tmake install/MINGW/$CPU..."
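Review bot: CLIBS loses -lgcc and -lmsvcrt while the DLL link in the next hunk still passes -nostdlib, so dll/windivert.o must now contain no CRT calls and no compiler helper calls (gcc emits calls into libgcc for things like 64-bit division on i686). A clean link on both targets proves it today, but a comment stating the no-CRT intent keeps someone from reintroducing a CRT dependency later. Replacing `continue` with HAVE_SYS=no is an improvement: the DLL and examples now build without the MSVC driver output.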
@@ -72,28 +78,51 @@ do
$CC $COPTS -o "install/MINGW/$CPU/WinDivert.dll" \
dll/windivert.o dll/windivert.def -nostdlib $CLIBS
$STRIP "install/MINGW/$CPU/WinDivert.dll"
echo "\tbuild install/MINGW/$CPU/WinDivert.lib..."
$DLLTOOL --dllname install/MINGW/$CPU/WinDivert.dll \
--def dll/windivert.def \
--output-lib install/MINGW/$CPU/WinDivert.lib 2>/dev/null
echo "\tbuild install/MINGW/$CPU/netdump.exe..."
$CC -s -O2 -Iinclude/ examples/netdump/netdump.c \
-o "install/MINGW/$CPU/netdump.exe" -lWinDivert -lws2_32 \
-o "install/MINGW/$CPU/netdump.exe" -lWinDivert \
-L"install/MINGW/$CPU/"
echo "\tbuild install/MINGW/$CPU/netfilter.exe..."
$CC -s -O2 -Iinclude/ examples/netfilter/netfilter.c \
-o "install/MINGW/$CPU/netfilter.exe" -lWinDivert -lws2_32 \
-o "install/MINGW/$CPU/netfilter.exe" -lWinDivert \
-L"install/MINGW/$CPU/"
echo "\tbuild install/MINGW/$CPU/passthru.exe..."
$CC -s -O2 -Iinclude/ examples/passthru/passthru.c \
-o "install/MINGW/$CPU/passthru.exe" -lWinDivert -lws2_32 \
-o "install/MINGW/$CPU/passthru.exe" -lWinDivert \
-L"install/MINGW/$CPU/"
echo "\tbuild install/MINGW/$CPU/webfilter.exe..."
$CC -s -O2 -Iinclude/ examples/webfilter/webfilter.c \
-o "install/MINGW/$CPU/webfilter.exe" -lWinDivert -lws2_32 \
-o "install/MINGW/$CPU/webfilter.exe" -lWinDivert \
-L"install/MINGW/$CPU/"
echo "\tbuild install/MINGW/$CPU/streamdump.exe..."
$CC -s -O2 -Iinclude/ examples/streamdump/streamdump.c \
-o "install/MINGW/$CPU/streamdump.exe" -lWinDivert -lws2_32 \
-L"install/MINGW/$CPU/"
echo "\tcopy install/MINGW/$CPU/WinDivert$BITS.sys..."
cp install/WDDK/$CPU/WinDivert$BITS.sys install/MINGW/$CPU
echo "\tbuild install/MINGW/$CPU/flowtrack.exe..."
$CC -s -O2 -Iinclude/ examples/flowtrack/flowtrack.c \
-o "install/MINGW/$CPU/flowtrack.exe" -lWinDivert -lpsapi \
-lshlwapi -L"install/MINGW/$CPU/"
echo "\tbuild install/MINGW/$CPU/windivertctl.exe..."
$CC -s -O2 -Iinclude/ examples/windivertctl/windivertctl.c \
-o "install/MINGW/$CPU/windivertctl.exe" -lWinDivert \
-lpsapi -lshlwapi -L"install/MINGW/$CPU/"
echo "\tbuild install/MINGW/$CPU/socketdump.exe..."
$CC -s -O2 -Iinclude/ examples/socketdump/socketdump.c \
-o "install/MINGW/$CPU/socketdump.exe" -lWinDivert \
-lpsapi -lshlwapi -L"install/MINGW/$CPU/"
echo "\tbuild install/MINGW/$CPU/test.exe..."
$CC -s -O2 -Iinclude/ test/test.c \
-o "install/MINGW/$CPU/test.exe" -lWinDivert \
-L"install/MINGW/$CPU/"
if [ $HAVE_SYS = yes ]
then
echo "\tcopy install/MINGW/$CPU/WinDivert$BITS.sys..."
cp install/MSVC/$CPU/WinDivert$BITS.sys install/MINGW/$CPU
fi
else
echo "WARNING: $CC not found"
fi
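Review bot: test.exe is built here and again by test/build.sh in this same commit, with the same flags and the same install/MINGW/$CPU/test.exe output; keep one owner. Dropping -lws2_32 from the example links is only safe if the examples no longer call Winsock (htons and friends are the usual reason for that library); the link would fail otherwise, but say so in the commit message. The HAVE_SYS guard around the .sys copy is correct.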
+104 -64
@@ -1,5 +1,5 @@
:: msvc-build.bat
:: (C) 2018, all rights reserved,
:: (C) 2019, all rights reserved,
::
:: This file is part of WinDivert.
::
@@ -29,82 +29,122 @@
:: You should have received a copy of the GNU General Public License along
:: with this program; if not, write to the Free Software Foundation, Inc., 51
:: Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
::
:: Script for MSVC (Microsoft Visual Studio 2012) compilation.
:: NOTE: run wddk-build.bat before this script.
@echo off
:: Determine target CPU.
msbuild sys\windivert.vcxproj ^
/p:Configuration=Release ^
/p:platform=Win32 ^
/p:SignMode=Off ^
/p:OutDir=..\install\MSVC\i386\ ^
/p:AssemblyName=WinDivert32
cl 2>&1 | findstr "x86" > NUL
msbuild sys\windivert.vcxproj ^
/p:Configuration=Release ^
/p:platform=x64 ^
/p:SignMode=Off ^
/p:OutDir=..\install\MSVC\amd64\ ^
/p:AssemblyName=WinDivert64
if %ERRORLEVEL% == 0 (
set TARGET=i386
set PLATFORM=Win32
set BITS=32
) ELSE (
set TARGET=amd64
set PLATFORM=x64
set BITS=64
)
msbuild dll\windivert.vcxproj ^
/p:Configuration=Release ^
/p:platform=Win32 ^
/p:OutDir=..\install\MSVC\i386\
move dll\WinDivert.lib install\MSVC\i386\.
set WDDK_INSTALL=install\WDDK\%TARGET%\
set MSVC_INSTALL=install\MSVC\%TARGET%\
msbuild dll\windivert.vcxproj ^
/p:Configuration=Release ^
/p:platform=x64 ^
/p:OutDir=..\install\MSVC\amd64\
move dll\WinDivert.lib install\MSVC\amd64\.
if not exist %WDDK_INSTALL% (
echo ERROR: Missing WDDK build; run wddk-build.bat first
exit /B
)
mkdir %MSVC_INSTALL%
msbuild examples\flowtrack\flowtrack.vcxproj ^
/p:Configuration=Release ^
/p:Platform=Win32 ^
/p:OutDir=..\..\install\MSVC\i386\
:: Build WinDivert.dll
cd dll
msbuild /p:Platform=%PLATFORM% /p:OutDir=build\
copy /Y build\WinDivert.dll ..\%MSVC_INSTALL%
copy /Y build\WinDivert.lib ..\%MSVC_INSTALL%
copy /Y build\WinDivert.lib ..\%MSVC_INSTALL%..
rd /s /q build\
cd ..
msbuild examples\flowtrack\flowtrack.vcxproj ^
/p:Configuration=Release ^
/p:Platform=x64 ^
/p:OutDir=..\..\install\MSVC\amd64\
:: Build netdump
cd examples\netdump
msbuild /p:Platform=%PLATFORM% /p:OutDir=build\
copy /Y build\netdump.exe ..\..\%MSVC_INSTALL%
rd /s /q build\
cd ..\..
msbuild examples\netdump\netdump.vcxproj ^
/p:Configuration=Release ^
/p:Platform=Win32 ^
/p:OutDir=..\..\install\MSVC\i386\
:: Build netfilter
cd examples\netfilter
msbuild /p:Platform=%PLATFORM% /p:OutDir=build\
copy /Y build\netfilter.exe ..\..\%MSVC_INSTALL%
rd /s /q build\
cd ..\..
msbuild examples\netdump\netdump.vcxproj ^
/p:Configuration=Release ^
/p:Platform=x64 ^
/p:OutDir=..\..\install\MSVC\amd64\
:: Build passthru
cd examples\passthru
msbuild /p:Platform=%PLATFORM% /p:OutDir=build\
copy /Y build\passthru.exe ..\..\%MSVC_INSTALL%
rd /s /q build\
cd ..\..
msbuild examples\netfilter\netfilter.vcxproj ^
/p:Configuration=Release ^
/p:Platform=Win32 ^
/p:OutDir=..\..\install\MSVC\i386\
:: Build webfilter
cd examples\webfilter
msbuild /p:Platform=%PLATFORM% /p:OutDir=build\
copy /Y build\webfilter.exe ..\..\%MSVC_INSTALL%
rd /s /q build\
cd ..\..
msbuild examples\netfilter\netfilter.vcxproj ^
/p:Configuration=Release ^
/p:Platform=x64 ^
/p:OutDir=..\..\install\MSVC\amd64\
:: Build streamdump
cd examples\streamdump
msbuild /p:Platform=%PLATFORM% /p:OutDir=build\
copy /Y build\streamdump.exe ..\..\%MSVC_INSTALL%
rd /s /q build\
cd ..\..
msbuild examples\passthru\passthru.vcxproj ^
/p:Configuration=Release ^
/p:Platform=Win32 ^
/p:OutDir=..\..\install\MSVC\i386\
:: Copy files
copy /Y %WDDK_INSTALL%\WinDivert%BITS%.sys %MSVC_INSTALL%
msbuild examples\passthru\passthru.vcxproj ^
/p:Configuration=Release ^
/p:Platform=x64 ^
/p:OutDir=..\..\install\MSVC\amd64\
:: Clean-up
del %MSVC_INSTALL%..\WinDivert.lib
msbuild examples\socketdump\socketdump.vcxproj ^
/p:Configuration=Release ^
/p:Platform=Win32 ^
/p:OutDir=..\..\install\MSVC\i386\
msbuild examples\socketdump\socketdump.vcxproj ^
/p:Configuration=Release ^
/p:Platform=x64 ^
/p:OutDir=..\..\install\MSVC\amd64\
msbuild examples\streamdump\streamdump.vcxproj ^
/p:Configuration=Release ^
/p:Platform=Win32 ^
/p:OutDir=..\..\install\MSVC\i386\
msbuild examples\streamdump\streamdump.vcxproj ^
/p:Configuration=Release ^
/p:Platform=x64 ^
/p:OutDir=..\..\install\MSVC\amd64\
msbuild examples\webfilter\webfilter.vcxproj ^
/p:Configuration=Release ^
/p:Platform=Win32 ^
/p:OutDir=..\..\install\MSVC\i386\
msbuild examples\webfilter\webfilter.vcxproj ^
/p:Configuration=Release ^
/p:Platform=x64 ^
/p:OutDir=..\..\install\MSVC\amd64\
msbuild examples\windivertctl\windivertctl.vcxproj ^
/p:Configuration=Release ^
/p:Platform=Win32 ^
/p:OutDir=..\..\install\MSVC\i386\
msbuild examples\windivertctl\windivertctl.vcxproj ^
/p:Configuration=Release ^
/p:Platform=x64 ^
/p:OutDir=..\..\install\MSVC\amd64\
msbuild test\test.vcxproj ^
/p:Configuration=Release ^
/p:Platform=Win32 ^
/p:OutDir=..\install\MSVC\i386\
msbuild test\test.vcxproj ^
/p:Configuration=Release ^
/p:Platform=x64 ^
/p:OutDir=..\install\MSVC\amd64\
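Review bot: the rewritten script no longer builds flowtrack, socketdump, windivertctl or test, all of which the old version built for both platforms, and test.vcxproj (added in this commit, linking ..\install\MSVC\<cpu>\WinDivert.lib) is therefore never invoked; either add those blocks or note that they are MinGW-only. The driver is no longer built here either: the old msbuild sys\windivert.vcxproj with /p:SignMode=Off is gone and the .sys is copied from %WDDK_INSTALL%, while sys\windivert.vcxproj is also added in this commit with nothing calling it. Two smaller points: `cl 2>&1 | findstr "x86"` means one platform per Developer Command Prompt, which belongs in the header comment; and `copy /Y build\WinDivert.lib ..\%MSVC_INSTALL%..` stages the import library one directory up so the example projects can find it, then `del %MSVC_INSTALL%..\WinDivert.lib` removes it in clean-up, which leaves a stray copy whenever an intermediate msbuild step fails.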
+121 -99
@@ -1,7 +1,7 @@
#!/bin/bash
#
# release-build.sh
# (C) 2018, all rights reserved,
# (C) 2019, all rights reserved,
#
# This file is part of WinDivert.
#
@@ -37,107 +37,129 @@
set -e
LABEL=
if [ $# -ge 1 ]
then
LABEL="-$1"
fi
TARGET=MINGW
WINDIVERT32_SYS=install/$TARGET/i386/WinDivert32.sys
if [ $# -ge 2 ]
then
WINDIVERT32_SYS=$2
fi
WINDIVERT64_SYS=install/$TARGET/amd64/WinDivert64.sys
if [ $# -ge 3 ]
then
WINDIVERT64_SYS=$3
fi
VERSION=`cat ./VERSION`
NAME=WinDivert-$VERSION
for TARGET in WDDK MSVC MINGW
do
if [ ! -d "install/$TARGET" ]
echo "BUILD $NAME$LABEL"
INSTALL=install/$NAME$LABEL
echo "\tmake $INSTALL..."
rm -rf $INSTALL
mkdir -p $INSTALL
echo "\tcopy $INSTALL/README..."
cp README $INSTALL
echo "\tcopy $INSTALL/CHANGELOG..."
cp CHANGELOG $INSTALL
echo "\tcopy $INSTALL/LICENSE..."
cp LICENSE $INSTALL
echo "\tcopy $INSTALL/VERSION..."
cp VERSION $INSTALL
echo "\tmake $INSTALL/include..."
mkdir -p $INSTALL/include
echo "\tcopy $INSTALL/include/windivert.h..."
cp include/windivert.h $INSTALL/include
echo "\tmake $INSTALL/doc..."
mkdir -p $INSTALL/doc
echo "\tcopy $INSTALL/doc/WinDivert.html..."
cp doc/windivert.html $INSTALL/doc/WinDivert.html
echo "\tmake $INSTALL/x86..."
mkdir -p $INSTALL/x86
echo "\tcopy $INSTALL/x86/WinDivert32.sys..."
cp "$WINDIVERT32_SYS" $INSTALL/x86
if ! grep "DigiCert High Assurance EV Root" $INSTALL/x86/WinDivert32.sys \
2>&1 >/dev/null
then
echo "\t\033[33mWARNING\033[0m: unsigned WinDivert32.sys..."
fi
if [ -e "$WINDIVERT64_SYS" ]
then
echo "\tcopy $INSTALL/x64/WinDivert64.sys..."
cp "$WINDIVERT64_SYS" $INSTALL/x86
fi
echo "\tcopy $INSTALL/x86/WinDivert.lib..."
cp install/$TARGET/i386/WinDivert.lib $INSTALL/x86
echo "\tcopy $INSTALL/x86/WinDivert.dll..."
cp install/$TARGET/i386/WinDivert.dll $INSTALL/x86
echo "\tcopy $INSTALL/x86/netdump.exe..."
cp install/$TARGET/i386/netdump.exe $INSTALL/x86
echo "\tcopy $INSTALL/x86/netfilter.exe..."
cp install/$TARGET/i386/netfilter.exe $INSTALL/x86
echo "\tcopy $INSTALL/x86/passtru.exe..."
cp install/$TARGET/i386/passthru.exe $INSTALL/x86
echo "\tcopy $INSTALL/x86/webfilter.exe..."
cp install/$TARGET/i386/webfilter.exe $INSTALL/x86
echo "\tcopy $INSTALL/x86/streamdump.exe..."
cp install/$TARGET/i386/streamdump.exe $INSTALL/x86
echo "\tcopy $INSTALL/x86/flowtrack.exe..."
cp install/$TARGET/i386/flowtrack.exe $INSTALL/x86
echo "\tcopy $INSTALL/x86/socketdump.exe..."
cp install/$TARGET/i386/socketdump.exe $INSTALL/x86
echo "\tcopy $INSTALL/x86/windivertctl.exe..."
cp install/$TARGET/i386/windivertctl.exe $INSTALL/x86
echo "\tcopy $INSTALL/x86/test.exe..."
cp install/$TARGET/i386/test.exe $INSTALL/x86
if [ -d "install/$TARGET/amd64" ]
then
echo "\tmake $INSTALL/amd64..."
mkdir -p $INSTALL/x64
echo "\tcopy $INSTALL/amd64/WinDivert64.sys..."
cp "$WINDIVERT64_SYS" $INSTALL/x64
if ! grep "DigiCert High Assurance EV Root" \
$INSTALL/x64/WinDivert64.sys 2>&1 >/dev/null
then
echo "SKIP $NAME-$TARGET"
continue
echo "\t\033[33mWARNING\033[0m: unsigned WinDivert64.sys..."
fi
echo "BUILD $NAME-$TARGET"
INSTALL=install/$NAME-$TARGET
echo "\tmake $INSTALL..."
mkdir -p $INSTALL
echo "\tcopy $INSTALL/README..."
cp README $INSTALL
echo "\tcopy $INSTALL/CHANGELOG..."
cp CHANGELOG $INSTALL
echo "\tcopy $INSTALL/LICENSE..."
cp LICENSE $INSTALL
echo "\tcopy $INSTALL/VERSION..."
cp VERSION $INSTALL
echo "\tmake $INSTALL/include..."
mkdir -p $INSTALL/include
echo "\tcopy $INSTALL/include/windivert.h..."
cp include/windivert.h $INSTALL/include
echo "\tmake $INSTALL/doc..."
mkdir -p $INSTALL/doc
echo "\tcopy $INSTALL/doc/WinDivert.html..."
cp doc/windivert.html $INSTALL/doc/WinDivert.html
echo "\tmake $INSTALL/x86..."
mkdir -p $INSTALL/x86
echo "\tcopy $INSTALL/x86/WinDivert32.sys..."
cp install/$TARGET/i386/WinDivert32.sys $INSTALL/x86
if ! grep "DigiCert High Assurance EV Root" $INSTALL/x86/WinDivert32.sys \
2>&1 >/dev/null
then
echo "\t\033[33mWARNING\033[0m: unsigned WinDivert32.sys..."
fi
if [ $TARGET != MINGW ]
then
echo "\tcopy $INSTALL/x86/WinDivert.lib..."
cp install/$TARGET/i386/WinDivert.lib $INSTALL/x86
fi
echo "\tcopy $INSTALL/x86/WinDivert.dll..."
cp install/$TARGET/i386/WinDivert.dll $INSTALL/x86
echo "\tcopy $INSTALL/x86/netdump.exe..."
cp install/$TARGET/i386/netdump.exe $INSTALL/x86
echo "\tcopy $INSTALL/x86/netfilter.exe..."
cp install/$TARGET/i386/netfilter.exe $INSTALL/x86
echo "\tcopy $INSTALL/x86/passtru.exe..."
cp install/$TARGET/i386/passthru.exe $INSTALL/x86
echo "\tcopy $INSTALL/x86/webfilter.exe..."
cp install/$TARGET/i386/webfilter.exe $INSTALL/x86
echo "\tcopy $INSTALL/x86/streamdump.exe..."
cp install/$TARGET/i386/streamdump.exe $INSTALL/x86
if [ -d "install/$TARGET/amd64" ]
then
echo "\tmake $INSTALL/amd64..."
mkdir -p $INSTALL/amd64
echo "\tcopy $INSTALL/amd64/WinDivert64.sys..."
cp install/$TARGET/amd64/WinDivert64.sys $INSTALL/amd64
if ! grep "DigiCert High Assurance EV Root" \
$INSTALL/amd64/WinDivert64.sys 2>&1 >/dev/null
then
echo -e "\t\033[33mWARNING\033[0m: unsigned WinDivert64.sys..."
fi
if [ $TARGET != MINGW ]
then
echo "\tcopy $INSTALL/amd64/WinDivert.lib..."
cp install/$TARGET/amd64/WinDivert.lib $INSTALL/amd64
fi
echo "\tcopy $INSTALL/amd64/WinDivert.dll..."
cp install/$TARGET/amd64/WinDivert.dll $INSTALL/amd64
echo "\tcopy $INSTALL/amd64/netdump.exe..."
cp install/$TARGET/amd64/netdump.exe $INSTALL/amd64
echo "\tcopy $INSTALL/amd64/netfilter.exe..."
cp install/$TARGET/amd64/netfilter.exe $INSTALL/amd64
echo "\tcopy $INSTALL/amd64/passtru.exe..."
cp install/$TARGET/amd64/passthru.exe $INSTALL/amd64
echo "\tcopy $INSTALL/amd64/webfilter.exe..."
cp install/$TARGET/amd64/webfilter.exe $INSTALL/amd64
echo "\tcopy $INSTALL/amd64/streamdump.exe..."
cp install/$TARGET/amd64/streamdump.exe $INSTALL/amd64
else
echo "\tWARNING: skipping missing AMD64 build..."
fi
PACKAGE=$NAME-$TARGET.tar.gz
echo "\tbuilding $PACKAGE..."
(
cd install;
tar cvz --owner root --group root -f $PACKAGE $NAME-$TARGET > /dev/null
)
PACKAGE=$NAME-$TARGET.zip
echo "\tbuilding $PACKAGE..."
(
cd install;
zip -r $PACKAGE $NAME-$TARGET > /dev/null
)
echo -n "\tclean $INSTALL..."
rm -rf $INSTALL
echo "DONE"
done
echo "\tcopy $INSTALL/x64/WinDivert.lib..."
cp install/$TARGET/amd64/WinDivert.lib $INSTALL/x64
echo "\tcopy $INSTALL/x64/WinDivert.dll..."
cp install/$TARGET/amd64/WinDivert.dll $INSTALL/x64
echo "\tcopy $INSTALL/x64/netdump.exe..."
cp install/$TARGET/amd64/netdump.exe $INSTALL/x64
echo "\tcopy $INSTALL/x64/netfilter.exe..."
cp install/$TARGET/amd64/netfilter.exe $INSTALL/x64
echo "\tcopy $INSTALL/x64/passtru.exe..."
cp install/$TARGET/amd64/passthru.exe $INSTALL/x64
echo "\tcopy $INSTALL/x64/webfilter.exe..."
cp install/$TARGET/amd64/webfilter.exe $INSTALL/x64
echo "\tcopy $INSTALL/x64/streamdump.exe..."
cp install/$TARGET/amd64/streamdump.exe $INSTALL/x64
echo "\tcopy $INSTALL/x64/flowtrack.exe..."
cp install/$TARGET/amd64/flowtrack.exe $INSTALL/x64
echo "\tcopy $INSTALL/x64/socketdump.exe..."
cp install/$TARGET/amd64/socketdump.exe $INSTALL/x64
echo "\tcopy $INSTALL/x64/windivertctl.exe..."
cp install/$TARGET/amd64/windivertctl.exe $INSTALL/x64
echo "\tcopy $INSTALL/x64/test.exe..."
cp install/$TARGET/amd64/test.exe $INSTALL/x64
else
echo "\tWARNING: skipping missing AMD64 build..."
fi
PACKAGE=$NAME$LABEL.zip
echo "\tbuilding $PACKAGE..."
(
cd install;
zip -r $PACKAGE $NAME$LABEL > /dev/null
)
echo -n "\tclean $INSTALL..."
rm -rf $INSTALL
echo "DONE"
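Review bot: `cp "$WINDIVERT64_SYS" $INSTALL/x86` inside the new `if [ -e "$WINDIVERT64_SYS" ]` block copies the 64-bit driver into the x86 directory (and runs before $INSTALL/x64 is created); the amd64 block later copies it to $INSTALL/x64, so delete this early copy or fix its target. The signature check is also weaker than it reads: `grep "DigiCert High Assurance EV Root" file 2>&1 >/dev/null` only tests whether that CA name appears somewhere in the binary, not that an Authenticode signature is present and valid, and the redirection order sends stderr to the terminal rather than /dev/null. A release script should run a real verifier (osslsigncode verify, or signtool verify /kp on Windows) and fail rather than warn. Minor: bash's builtin echo does not interpret \t or \033 without -e (only the amd64 WARNING line has it), and the "passtru.exe" label typo is carried over.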
+1 -1
@@ -19,6 +19,6 @@ NTTARGETFILES=
KMDF_VERSION_MAJOR=1
C_DEFINES=$(C_DEFINES) -DBINARY_COMPATIBLE=0 -DNT -DUNICODE -D_UNICODE \
-DNDIS60 -DNDIS_SUPPORT_NDIS60
INCLUDES=$(DDK_INC_PATH);..\include
INCLUDES=$(DDK_INC_PATH);..\include;..\dll
SOURCES=windivert.rc windivert.c
+4400 -1678
File diff suppressed because it is too large
+9 -7
@@ -1,6 +1,6 @@
/*
* windivert.rc
* (C) 2018, all rights reserved,
* (C) 2019, all rights reserved,
*
* This file is part of WinDivert.
*
@@ -35,23 +35,25 @@
#include <windows.h>
#include <ntverp.h>
#include "windivert_log.rc"
#define VER_FILETYPE VFT_DRV
#define VER_FILESUBTYPE VFT2_DRV_NETWORK
#define VER_FILEDESCRIPTION_STR \
"The WinDivert driver " \
"The WinDivert 2.2 driver " \
"[URL: https://reqrypt.org/windivert.html] " \
"[Bitcoin: 1C5vZVSbizPeZ8ydTYhUfm4LA2cNwBfcYh]"
#define VER_INTERNALNAME_STR "WinDivert.sys"
#define VER_ORIGINALFILENAME_STR "WinDivert.sys"
#define VER_PRODUCTVERSION 1.4
#define VER_PRODUCTVERSION_STR "1.4"
#define VER_COMPANYNAME_STR "Basil's Projects"
#define VER_LEGALCOPYRIGHT_YEARS "2011-2017"
#define VER_PRODUCTVERSION 2.2
#define VER_PRODUCTVERSION_STR "2.2"
#define VER_COMPANYNAME_STR "Basil"
#define VER_LEGALCOPYRIGHT_YEARS "2011-2019"
#define VER_LEGALCOPYRIGHT_STR \
"Copyright \251 " VER_COMPANYNAME_STR " " VER_LEGALCOPYRIGHT_YEARS
#define VER_FILEVERSION VER_PRODUCTVERSION
#define VER_FILEVERSION_STR VER_PRODUCTVERSION_STR
#define VER_PRODUCTNAME_STR "WinDivert 1.4 driver"
#define VER_PRODUCTNAME_STR "WinDivert 2.2 driver"
#include "common.ver"
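Review bot: the version literal now appears three times in this file (VER_FILEDESCRIPTION_STR "The WinDivert 2.2 driver ...", VER_PRODUCTVERSION 2.2 / VER_PRODUCTVERSION_STR "2.2", VER_PRODUCTNAME_STR "WinDivert 2.2 driver") on top of DriverVer in both INFs and the VERSION file that release-build.sh reads; build the description and product-name strings from VER_PRODUCTVERSION_STR so a release bump touches one place. The new #include "windivert_log.rc" depends on the message compiler having run first: the MessageCompile item in sys\windivert.vcxproj covers msbuild, but the WDDK sources file in this commit only adds ..\dll to INCLUDES and does not list windivert_log.mc, so check that build path as well.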
+93
@@ -0,0 +1,93 @@
<?xml version="1.0" encoding="utf-8"?>
<!--
windivert.vcxproj
(C) 2019, all rights reserved,
This file is part of WinDivert.
WinDivert is free software: you can redistribute it and/or modify it under
the terms of the GNU Lesser General Public License as published by the
Free Software Foundation, either version 3 of the License, or (at your
option) any later version.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
License for more details.
You should have received a copy of the GNU Lesser General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
WinDivert is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your option)
any later version.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc., 51
Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-->
<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
</ItemGroup>
<ItemGroup>
<MessageCompile Include="windivert_log.mc">
<RCFilePath>.</RCFilePath>
<HeaderFilePath>.</HeaderFilePath>
</MessageCompile>
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="windivert.rc" />
</ItemGroup>
<ItemGroup>
<ClCompile Include="windivert.c">
<TreatWarningAsError>false</TreatWarningAsError>
<Optimization>MaxSpeed</Optimization>
<AdditionalIncludeDirectories>..\include;..\dll;.</AdditionalIncludeDirectories>
</ClCompile>
</ItemGroup>
<PropertyGroup Label="Globals">
<TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
<MinimumVisualStudioVersion>12.0</MinimumVisualStudioVersion>
<RootNamespace>WinDivert</RootNamespace>
<ProjectName>WinDivert</ProjectName>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props"/>
<PropertyGroup Label="Configuration">
<TargetVersion>Windows7</TargetVersion>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
<ConfigurationType>Driver</ConfigurationType>
<DriverType>KMDF</DriverType>
<DriverTargetPlatform>Desktop</DriverTargetPlatform>
<DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
<EnableInf2cat>false</EnableInf2cat>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ItemDefinitionGroup>
<ClCompile>
<WppEnabled>false</WppEnabled>
<PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">_X86_=1;i386=1;STD_CALL;%(PreprocessorDefinitions);NDIS60;UNICODE;_UNICODE;NDIS_SUPPORT_NDIS60;NT;BINARY_COMPATIBLE=0</PreprocessorDefinitions>
<PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Release|x64'">_WIN64;_AMD64_;AMD64;%(PreprocessorDefinitions);NDIS60;UNICODE;_UNICODE;NDIS_SUPPORT_NDIS60;NT;BINARY_COMPATIBLE=0</PreprocessorDefinitions>
</ClCompile>
<Link>
<AdditionalDependencies>%(AdditionalDependencies);$(KernelBufferOverflowLib);$(DDK_LIB_PATH)ntoskrnl.lib;$(DDK_LIB_PATH)hal.lib;$(DDK_LIB_PATH)wmilib.lib;$(KMDF_LIB_PATH)$(KMDF_VER_PATH)\WdfLdr.lib;$(KMDF_LIB_PATH)$(KMDF_VER_PATH)\WdfDriverEntry.lib;$(DDK_LIB_PATH)\wdmsec.lib;$(DDK_LIB_PATH)\ndis.lib;$(DDK_LIB_PATH)\fwpkclnt.lib;$(SDK_LIB_PATH)\uuid.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
</Project>
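Review bot: <UseDebugLibraries>true</UseDebugLibraries> sits in the Configuration group of a project that only defines Release|Win32 and Release|x64; unless that is deliberate it should be false. <TreatWarningAsError>false</TreatWarningAsError> on the one kernel-mode compilation unit is the wrong default for a driver that parses untrusted packets; prefer leaving the toolset default and fixing the warnings. Linking $(KernelBufferOverflowLib) is right. <EnableInf2cat>false</EnableInf2cat> means this project does not produce the WinDivert32.Cat / WinDivert64.Cat that the INFs name in CatalogFile, so document where the catalog comes from.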
+59
@@ -0,0 +1,59 @@
;/*
; * windivert_log.mc
; * (C) 2019, all rights reserved,
; *
; * This file is part of WinDivert.
; *
; * WinDivert is free software: you can redistribute it and/or modify it under
; * the terms of the GNU Lesser General Public License as published by the
; * Free Software Foundation, either version 3 of the License, or (at your
; * option) any later version.
; *
; * This program is distributed in the hope that it will be useful, but
; * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
; * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
; * License for more details.
; *
; * You should have received a copy of the GNU Lesser General Public License
; * along with this program. If not, see <http://www.gnu.org/licenses/>.
; *
; * WinDivert is free software; you can redistribute it and/or modify it under
; * the terms of the GNU General Public License as published by the Free
; * Software Foundation; either version 2 of the License, or (at your option)
; * any later version.
; *
; * This program is distributed in the hope that it will be useful, but
; * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
; * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
; * for more details.
; *
; * You should have received a copy of the GNU General Public License along
; * with this program; if not, write to the Free Software Foundation, Inc., 51
; * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
; */
MessageIdTypedef=NTSTATUS
SeverityNames = (
Success = 0x0:STATUS_SEVERITY_SUCCESS
Informational = 0x1:STATUS_SEVERITY_INFORMATIONAL
Warning = 0x2:STATUS_SEVERITY_WARNING
Error = 0x3:STATUS_SEVERITY_ERROR
)
FacilityNames = (
System = 0x0:FACILITY_SYSTEM
Runtime = 0x2:FACILITY_RUNTIME
Stubs = 0x3:FACILITY_STUBS
Io = 0x4:FACILITY_IO_ERROR_CODE
WinDivert = 0x574:FACILITY_WINDIVERT
)
MessageId=0x312D
Facility=WinDivert
Severity=Informational
SymbolicName=WINDIVERT_INFO_EVENT
Language=English
%2 %3 (processId=%4)
.
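Review bot: this event is the detection signal the commit message promises, so document the concrete identifier for rule writers: with Facility 0x574, Informational severity and MessageId 0x312D, the NTSTATUS value mc.exe emits is 0x4574312D (severity in bits 30-31, facility in bits 16-27, code in the low 16 bits), and most event tooling shows the low 16 bits, 0x312D = 12589, as the Event ID. The format string %2 %3 (processId=%4) starting at %2 follows the kernel error-log convention where %1 is the reporting driver's name; add a comment stating which strings are passed as %2 and %3 and that %4 is the process that triggered the (un)load, since that is what a SIEM rule will key on.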
+7 -4
@@ -1,7 +1,7 @@
#!/bin/bash
#
# build.sh
# (C) 2018, all rights reserved,
# (C) 2019, all rights reserved,
#
# This file is part of WinDivert.
#
@@ -35,8 +35,11 @@
# Script for MinGW/Linux cross compilation.
# NOTE: run wddk-build.bat before this script.
CC=i686-w64-mingw32-gcc
$CC -fno-ident -s -O2 -I../include/ test.c \
-o ../install/MINGW/i386/test.exe -lWinDivert -L"../install/MINGW/i386/"
CC=x86_64-w64-mingw32-gcc
$CC -s -O2 -I../include/ test.c -o test.exe -lWinDivert \
-L"../install/MINGW/amd64/"
$CC -fno-ident -s -O2 -I../include/ test.c -o ../install/MINGW/amd64/test.exe \
-lWinDivert -L"../install/MINGW/amd64/"
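Review bot: the header comment still says "run wddk-build.bat before this script" while mingw-build.sh in this commit switched that note to msvc-build.bat, and the test.exe build here now duplicates the block added to mingw-build.sh (same flags, same ../install/MINGW/<cpu>/test.exe output); update the note and keep a single owner for the test build.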
+1018 -135
File diff suppressed because it is too large
+73
@@ -0,0 +1,73 @@
<?xml version="1.0" encoding="utf-8"?>
<!--
test.vcxproj
(C) 2019, all rights reserved,
This file is part of WinDivert.
WinDivert is free software: you can redistribute it and/or modify it under
the terms of the GNU Lesser General Public License as published by the
Free Software Foundation, either version 3 of the License, or (at your
option) any later version.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
License for more details.
You should have received a copy of the GNU Lesser General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
WinDivert is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your option)
any later version.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc., 51
Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-->
<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
</ItemGroup>
<ItemGroup>
<ClCompile Include="test.c">
<TreatWarningAsError>false</TreatWarningAsError>
<Optimization>MinSpace</Optimization>
<BasicRuntimeChecks>Default</BasicRuntimeChecks>
<AdditionalIncludeDirectories>..\include</AdditionalIncludeDirectories>
</ClCompile>
</ItemGroup>
<PropertyGroup Label="Globals">
<RootNamespace>test</RootNamespace>
<ProjectName>test</ProjectName>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props"/>
<PropertyGroup Label="Configuration">
<PlatformToolset>v140</PlatformToolset>
<ConfigurationType>Application</ConfigurationType>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ItemDefinitionGroup>
<Link>
<AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">..\install\MSVC\i386\WinDivert.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies Condition="'$(Configuration)|$(Platform)'=='Release|x64'">..\install\MSVC\amd64\WinDivert.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
</Project>
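Review bot: <PlatformToolset>v140</PlatformToolset> hard-codes Visual Studio 2015 while sys\windivert.vcxproj in the same commit uses WindowsKernelModeDriver10.0; use $(DefaultPlatformToolset) or document the required VS version in the project header so the two projects do not demand different installs.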
+66 -13
@@ -1,6 +1,6 @@
/*
* test_data.c
* (C) 2018, all rights reserved,
* (C) 2019, all rights reserved,
*
* This file is part of WinDivert.
*
@@ -33,11 +33,11 @@
*/
// IPV4 ICMP ECHO REQUEST
static unsigned char echo_request[] =
static const unsigned char echo_request[] =
{
0x45, 0x00, 0x00, 0x54, 0x12, 0x34, 0x40, 0x00,
0x40, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x01,
0x08, 0x08, 0x08, 0x08, 0x08, 0x00, 0x00, 0x00,
0x08, 0x08, 0x08, 0x08, 0x08, 0x00, 0x3c, 0xd2,
0x0d, 0x56, 0x00, 0x01, 0x8b, 0xa6, 0x60, 0x54,
0x00, 0x00, 0x00, 0x00, 0xf9, 0x08, 0x0a, 0x00,
0x00, 0x00, 0x00, 0x00, 0x10, 0x11, 0x12, 0x13,
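Review bot: making these arrays const is right, but any test that mutates a packet in place (corrupting a checksum, flipping a flag) must now memcpy into a writable buffer first; a comment at the top of the file should say so. The ICMP checksum bytes 0x3c,0xd2 replace 0x00,0x00 here while the IPv4 header checksum (bytes 10-11) stays zero in every array, so state in the comment whether the helper under test is expected to fill in or ignore the IP header checksum.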
@@ -49,13 +49,13 @@ static unsigned char echo_request[] =
};
// IPV4 TCP HTTP GET REQUEST
static unsigned char http_request[] =
static const unsigned char http_request[] =
{
0x45, 0x00, 0x02, 0x09, 0x48, 0x2d, 0x40, 0x00,
0x40, 0x06, 0x00, 0x00, 0x0a, 0x0a, 0x0a, 0x0a,
0x5d, 0xb8, 0xd8, 0x77, 0xa3, 0x1a, 0x00, 0x50,
0x53, 0x38, 0xcc, 0xc2, 0x56, 0x37, 0xb3, 0x55,
0x80, 0x18, 0x00, 0x73, 0x00, 0x00, 0x00, 0x00,
0x80, 0x18, 0x00, 0x73, 0x02, 0xa4, 0x00, 0x00,
0x01, 0x01, 0x08, 0x0a, 0x00, 0x2c, 0x85, 0x1b,
0x1b, 0x7f, 0x3a, 0x71, 0x47, 0x45, 0x54, 0x20,
0x2f, 0x20, 0x48, 0x54, 0x54, 0x50, 0x2f, 0x31,
@@ -120,12 +120,12 @@ static unsigned char http_request[] =
};
// IPV4 DNS REQUEST
static unsigned char dns_request[] =
static const unsigned char dns_request[] =
{
0x45, 0x00, 0x00, 0x39, 0x20, 0x90, 0x00, 0x00,
0x49, 0x11, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x01,
0x08, 0x08, 0x04, 0x04, 0xe0, 0x45, 0x00, 0x35,
0x00, 0x25, 0x00, 0x00, 0x17, 0x08, 0x01, 0x00,
0x00, 0x25, 0x22, 0xa7, 0x17, 0x08, 0x01, 0x00,
0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x07, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65,
0x03, 0x63, 0x6f, 0x6d, 0x00, 0x00, 0x01, 0x00,
@@ -133,7 +133,7 @@ static unsigned char dns_request[] =
};
// IPV6 TCP SYN
static unsigned char ipv6_tcp_syn[] =
static const unsigned char ipv6_tcp_syn[] =
{
0x60, 0x00, 0x00, 0x00, 0x00, 0x28, 0x06, 0x40,
0x12, 0x34, 0x56, 0x78, 0x00, 0x01, 0x00, 0x00,
@@ -142,20 +142,20 @@ static unsigned char ipv6_tcp_syn[] =
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
0xc3, 0x7e, 0x00, 0x17, 0xe1, 0xd7, 0xc8, 0xaa,
0x00, 0x00, 0x00, 0x00, 0xa0, 0x02, 0xaa, 0xaa,
0x00, 0x00, 0x00, 0x00, 0x02, 0x04, 0xff, 0xc4,
0xc3, 0x5e, 0x00, 0x00, 0x02, 0x04, 0xff, 0xc4,
0x04, 0x02, 0x08, 0x0a, 0xff, 0xff, 0x91, 0x86,
0x00, 0x00, 0x00, 0x00, 0x01, 0x03, 0x03, 0x07
};
// IPV6 ICMPV6 ECHO REPLY
static unsigned char ipv6_echo_reply[] =
static const unsigned char ipv6_echo_reply[] =
{
0x60, 0x00, 0x00, 0x00, 0x00, 0x40, 0x3a, 0x1f,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
0x81, 0x00, 0x00, 0x00, 0x10, 0x72, 0x00, 0x03,
0x81, 0x00, 0x6e, 0xd6, 0x10, 0x72, 0x00, 0x03,
0xa4, 0xd5, 0x69, 0x54, 0x00, 0x00, 0x00, 0x00,
0xab, 0x75, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
@@ -166,7 +166,7 @@ static unsigned char ipv6_echo_reply[] =
};
// IPV6 EXTENSION HEADERS UDP
static unsigned char ipv6_exthdrs_udp[] =
static const unsigned char ipv6_exthdrs_udp[] =
{
0x60, 0x00, 0x00, 0x00, 0x00, 0x2d, 0x00, 0x64,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -176,8 +176,61 @@ static unsigned char ipv6_exthdrs_udp[] =
0x3c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x3c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x11, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x12, 0x34, 0xaa, 0xaa, 0x00, 0x15, 0x00, 0x00,
0x12, 0x34, 0xaa, 0xaa, 0x00, 0x15, 0xef, 0xf4,
0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x57, 0x6f,
0x72, 0x6c, 0x64, 0x21, 0x01
};
// IPV4 FRAGMENT #0
static const unsigned char ipv4_fragment_0[] =
{
0x45, 0x00, 0x00, 0x1C, 0x12, 0x34, 0x20, 0x00,
0x40, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x01,
0x08, 0x08, 0x08, 0x08, 0x08, 0x00, 0x3c, 0xd2,
0x0d, 0x56, 0x00, 0x01
};
// IPV4 FRAGMENT #1
static const unsigned char ipv4_fragment_1[] =
{
0x45, 0x00, 0x00, 0x4C, 0x12, 0x34, 0x00, 0x01,
0x40, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x01,
0x08, 0x08, 0x08, 0x08, 0x8b, 0xa6, 0x60, 0x54,
0x00, 0x00, 0x00, 0x00, 0xf9, 0x08, 0x0a, 0x00,
0x00, 0x00, 0x00, 0x00, 0x10, 0x11, 0x12, 0x13,
0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b,
0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b,
0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33,
0x34, 0x35, 0x36, 0x37
};
// IPV6 FRAGMENT #0
static const unsigned char ipv6_fragment_0[] =
{
0x60, 0x00, 0x00, 0x00, 0x00, 0x20, 0x2c, 0x1f,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
0x3a, 0x00, 0x00, 0x01, 0xc7, 0xf6, 0xce, 0x53,
0x81, 0x00, 0x6e, 0xd6, 0x10, 0x72, 0x00, 0x03,
0xa4, 0xd5, 0x69, 0x54, 0x00, 0x00, 0x00, 0x00,
0xab, 0x75, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
};
// IPV6 FRAGMENT #1
static const unsigned char ipv6_fragment_1[] =
{
0x60, 0x00, 0x00, 0x00, 0x00, 0x30, 0x2c, 0x1f,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
0x3a, 0x00, 0x00, 0x18, 0xc7, 0xf6, 0xce, 0x53,
0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
};
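Review bot: both new IPv4 fragments leave the IPv4 header checksum as `0x00, 0x00` (bytes 10-11, immediately after `0x40, 0x01` in ipv4_fragment_0 and ipv4_fragment_1), while the same hunk fills in the previously zero UDP checksum of ipv6_exthdrs_udp (`0x00, 0x00` → `0xef, 0xf4`); either compute the header checksums too, or add a comment stating that the harness recomputes them, since a stack that validates the header checksum would drop the fragments before the reassembly path under test is exercised. The UDP fix itself is required, as a zero UDP checksum is not permitted over IPv6. The ICMP checksum `0x3c, 0xd2` in ipv4_fragment_0 covers the whole reassembled datagram and so cannot be checked from that fragment alone, which is another reason to note the derivation. The IPv6 fragments are internally consistent (fragment header with offset 0 and M set, then offset 3 (24 bytes) with M clear, the same identification `0xc7, 0xf6, 0xce, 0x53`, and payload lengths 0x20 and 0x30 summing to the 0x40 of ipv6_echo_reply whose ICMPv6 bytes they carry); a one-line comment that they reassemble to ipv6_echo_reply would make the intent of the test obvious.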
+1 -1
@@ -1,5 +1,5 @@
:: wddk-build.bat
:: (C) 2018, all rights reserved,
:: (C) 2019, all rights reserved,
::
:: This file is part of WinDivert.
::
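Review bot: replacing `(C) 2018` with `(C) 2019` drops the original year; a notice normally keeps the first year and extends the range (`(C) 2018, 2019`) rather than overwriting it. Minor, but worth keeping consistent with the other file headers in the tree.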