For a few more time, I used XFilter personal firewall. When I started, I feel is not bad, but I gradually discovered it. At the same time, I also read his source code. I personally think that for Xfilter, if Personal development test is OK, but if you want to be a professional firewall, it is far away!!
XFilter's implementation principle: Just based on the source code I read, Xfilter is the SPI implementation of the SPI monitoring and interception, but there is a most important part to pay attention to it modified the location of the registry ([HKEY_LOCAL_MACHINE / System / currentControlSet / Services / Winsock2 / parameters / protocol_catalog9 / catalog_entries]) The value inside, then when the system loads the dynamic connection library of the network, it is modified to your own connection library, so everyone should know his interception What is going on. That is, when I have modified this, when any network calls the SPI, it is actually a DLL called XFilter compiled, then in this DLL, we want to do anything, can of course intercepted Network data package. Although this has certain technical content, I don't think this software is very high, and most of its time spent how to find a process to make an action on the network, and, If you use the SPI, it should be unable to intercept the ICMP package. Compared to the network dart, it still has a gap (although it is a personal software).
However, the problem is mainly used by my friend's computer, when his Services.exe tries to load XFilter.dll, it is not possible to boot (there is nothing here), including any operation, Execution. In addition, the computer installed the software will have problems when using IIS (I tested three computers without exception). Then I occasionally make your network amazed, perhaps the wrong problem. I It also feels that there is a certain decrease in the network speed, but this may be inevitable for the SPI because it is equivalent to adding a filter layer in it.
However, Xfilter made me learn a lot, I also admire his author. It is Zhu Yan Hui, Zhu Ying. Here I don't criticize, because I have not eligible, but this is a firewall, it is inevitable to make people It is not easy to accept. Now I have changed the registry back, and I found that the system is stable. I suspect that because the SPI it wrote is not all written, it causes an error when calling some SPIs. Because of my impression of SPI 30 There is a left and right, but there is no so much, then the part that has not been written is largely the reason for this software failure.
